Vulnerabilities > CVE-2018-0734 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Vulnerable Configurations

Part Description Count
Application
Openssl
39
Application
Nodejs
85
Application
Netapp
6
Application
Oracle
36
OS
Canonical
4
OS
Debian
1
OS
Netapp
1
Hardware
Netapp
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Encryption Brute Forcing
    An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • Cryptanalysis
    Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: 1. Total Break - Finding the secret key 2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key. 3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known 4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2430.NASL
    descriptionAccording to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on
    last seen2020-05-08
    modified2019-12-04
    plugin id131584
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131584
    titleEulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131584);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-0734",
        "CVE-2018-5407",
        "CVE-2019-1547",
        "CVE-2019-1563"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the openssl110f packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The OpenSSL DSA signature algorithm has been shown to
        be vulnerable to a timing side channel attack. An
        attacker could use variations in the signing algorithm
        to recover the private key. Fixed in OpenSSL 1.1.1a
        (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected
        1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected
        1.0.2-1.0.2p).(CVE-2018-0734)
    
      - Simultaneous Multi-threading (SMT) in processors can
        enable local users to exploit software vulnerable to
        timing attacks via a side-channel timing attack on
        'port contention'.(CVE-2018-5407)
    
      - Normally in OpenSSL EC groups always have a co-factor
        present and this is used in side channel resistant code
        paths. However, in some cases, it is possible to
        construct a group using explicit parameters (instead of
        using a named curve). In those cases it is possible
        that such a group does not have the cofactor present.
        This can occur even where all the parameters match a
        known named curve. If such a curve is used then OpenSSL
        falls back to non-side channel resistant code paths
        which may result in full key recovery during an ECDSA
        signature operation. In order to be vulnerable an
        attacker would have to have the ability to time the
        creation of a large number of signatures where explicit
        parameters with no co-factor present are in use by an
        application using libcrypto. For the avoidance of doubt
        libssl is not vulnerable because explicit parameters
        are never used. Fixed in OpenSSL 1.1.1d (Affected
        1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
        1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected
        1.0.2-1.0.2s).(CVE-2019-1547)
    
      - In situations where an attacker receives automated
        notification of the success or failure of a decryption
        attempt an attacker, after sending a very large number
        of messages to be decrypted, can recover a CMS/PKCS7
        transported encryption key or decrypt any RSA encrypted
        message that was encrypted with the public RSA key,
        using a Bleichenbacher padding oracle attack.
        Applications are not affected if they use a certificate
        together with the private RSA key to the CMS_decrypt or
        PKCS7_decrypt functions to select the correct recipient
        info to decrypt. Fixed in OpenSSL 1.1.1d (Affected
        1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
        1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected
        1.0.2-1.0.2s).(CVE-2019-1563)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2430
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c75fc767");
      script_set_attribute(attribute:"solution", value:
    "Update the affected openssl110f packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1563");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl110f");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl110f-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openssl110f-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["openssl110f-1.1.0f-5.h11",
            "openssl110f-devel-1.1.0f-5.h11",
            "openssl110f-libs-1.1.0f-5.h11"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl110f");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0117-1.NASL
    descriptionThis update for nodejs4 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka
    last seen2020-06-01
    modified2020-06-02
    plugin id121292
    published2019-01-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121292
    titleSUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0117-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121292);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:50");
    
      script_cve_id("CVE-2018-0734", "CVE-2018-12116", "CVE-2018-12120", "CVE-2018-12121", "CVE-2018-12122", "CVE-2018-12123", "CVE-2018-5407");
    
      script_name(english:"SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for nodejs4 fixes the following issues :
    
    Security issues fixed :
    
    CVE-2018-0734: Fixed a timing vulnerability in the DSA signature
    generation (bsc#1113652)
    
    CVE-2018-5407: Fixed a hyperthread port content side channel attack
    (aka 'PortSmash') (bsc#1113534)
    
    CVE-2018-12120: Fixed that the debugger listens on any interface by
    default (bsc#1117625)
    
    CVE-2018-12121: Fixed a denial of Service with large HTTP headers
    (bsc#1117626)
    
    CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service
    (bsc#1117627)
    
    CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)
    
    CVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript
    protocol (bsc#1117629)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117630"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-0734/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12116/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12120/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12121/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12122/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12123/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-5407/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190117-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?55bbd6c4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2019-117=1
    
    SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-117=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs4-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"nodejs4-4.9.1-15.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"nodejs4-debuginfo-4.9.1-15.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"nodejs4-debugsource-4.9.1-15.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"nodejs4-devel-4.9.1-15.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"npm4-4.9.1-15.17.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs4");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9A0A7C0986.NASL
    descriptionPatch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129368
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129368
    titleFedora 29 : 1:compat-openssl10 (2019-9a0a7c0986)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-9a0a7c0986.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129368);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/23");
    
      script_cve_id("CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559");
      script_xref(name:"FEDORA", value:"2019-9a0a7c0986");
    
      script_name(english:"Fedora 29 : 1:compat-openssl10 (2019-9a0a7c0986)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552,
    CVE-2019-1559.
    
    https://www.openssl.org/news/vulnerabilities.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9a0a7c0986"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openssl.org/news/vulnerabilities.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:compat-openssl10 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1543");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"compat-openssl10-1.0.2o-7.fc29", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:compat-openssl10");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0199_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121899
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121899
    titlePhoton OS 1.0: Openssl PHSA-2018-1.0-0199
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0199. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121899);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407");
    
      script_name(english:"Photon OS 1.0: Openssl PHSA-2018-1.0-0199");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openssl package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-199.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0735");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-debuginfo-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-debuginfo-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-debuginfo-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-devel-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-devel-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-devel-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-perl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-perl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-perl-1.0.2q-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-DB06EFDEA1.NASL
    descriptionPatch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129653
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129653
    titleFedora 31 : 1:compat-openssl10 (2019-db06efdea1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-db06efdea1.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129653);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559");
      script_xref(name:"FEDORA", value:"2019-db06efdea1");
    
      script_name(english:"Fedora 31 : 1:compat-openssl10 (2019-db06efdea1)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Patch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552,
    CVE-2019-1559.
    
    https://www.openssl.org/news/vulnerabilities.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-db06efdea1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openssl.org/news/vulnerabilities.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:compat-openssl10 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1543");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:compat-openssl10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"compat-openssl10-1.0.2o-8.fc31", epoch:"1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:compat-openssl10");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0210_NODEJS.NASL
    descriptionAn update of the nodejs package has been released.
    last seen2020-03-17
    modified2020-02-26
    plugin id134085
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134085
    titlePhoton OS 2.0: Nodejs PHSA-2020-2.0-0210
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-2.0-0210. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(134085);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02");
    
      script_cve_id("CVE-2018-0734", "CVE-2018-12123");
      script_bugtraq_id(105758, 107512);
    
      script_name(english:"Photon OS 2.0: Nodejs PHSA-2020-2.0-0210");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the nodejs package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-210.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12123");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nodejs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"nodejs-8.17.0-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"nodejs-debuginfo-8.17.0-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"nodejs-devel-8.17.0-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1529.NASL
    descriptionThis update for compat-openssl098 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). - Fixed the
    last seen2020-06-05
    modified2018-12-13
    plugin id119641
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119641
    titleopenSUSE Security Update : compat-openssl098 (openSUSE-2018-1529)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1529.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119641);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-8610", "CVE-2018-0734", "CVE-2018-5407");
    
      script_name(english:"openSUSE Security Update : compat-openssl098 (openSUSE-2018-1529)");
      script_summary(english:"Check for the openSUSE-2018-1529 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for compat-openssl098 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2018-0734: Fixed timing vulnerability in DSA
        signature generation (bsc#1113652).
    
      - CVE-2018-5407: Fixed elliptic curve scalar
        multiplication timing attack defenses (bsc#1113534).
    
      - CVE-2016-8610: Adjusted current fix and add missing
        error string (bsc#1110018).
    
      - Fixed the 'One and Done' side-channel attack on RSA
        (bsc#1104789).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected compat-openssl098 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0734");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:compat-openssl098-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenssl0_9_8-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"compat-openssl098-debugsource-0.9.8j-27.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libopenssl0_9_8-0.9.8j-27.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libopenssl0_9_8-debuginfo-0.9.8j-27.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libopenssl0_9_8-32bit-0.9.8j-27.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libopenssl0_9_8-debuginfo-32bit-0.9.8j-27.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openssl098-debugsource / libopenssl0_9_8 / etc");
    }
    
  • NASL familyMisc.
    NASL idORACLE_E-BUSINESS_CPU_APR_2019.NASL
    descriptionThe version of Oracle E-Business installed on the remote host is missing the April 2019 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the April 2019 Critical Patch Update advisory : - An unspecified flaw exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite which allows a remote unauthenticated attacker to compromise Oracle Advanced Outbound Telephony. (CVE-2019-2663) - An unspecified vulnerability in the Oracle Common Applications component of Oracle E-Business Suite which allows a remote unauthenticated attacker to compromise the application. (CVE-2019-2665) - An unspecified flaw exists in the Oracle Applications Framework component of Oracle E-Business Suite which allows a remote attacker with HTTP access to compromise the application. (CVE-2019-2682) In addition, Oracle E-Business is also affected by multiple additional vulnerabilities. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124118
    published2019-04-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124118
    titleOracle E-Business Suite Multiple Vulnerabilities (Apr 2019 CPU)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756) - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    last seen2020-06-01
    modified2020-06-02
    plugin id124157
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124157
    titleOracle Enterprise Manager Cloud Control (Apr 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1814.NASL
    descriptionThis update for virtualbox to version 6.0.10 fixes the following issues : Security issues fixed : - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865 CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873 CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)
    last seen2020-06-01
    modified2020-06-02
    plugin id127734
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127734
    titleopenSUSE Security Update : virtualbox (openSUSE-2019-1814)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2304.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127710
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127710
    titleRHEL 7 : openssl (RHSA-2019:2304)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_1A.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.1a. It is, therefore, affected by a denial of service vulnerability, a cache timing side channel vulnerability, and a microarchitecture timing side channel attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id121385
    published2019-01-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121385
    titleOpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_0J.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0j. It is, therefore, affected by a denial of service vulnerability, a cache timing side channel vulnerability, and a microarchitecture timing side channel attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id121384
    published2019-01-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121384
    titleOpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-88.NASL
    descriptionThis update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka
    last seen2020-06-01
    modified2020-06-02
    plugin id121415
    published2019-01-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121415
    titleopenSUSE Security Update : nodejs4 (openSUSE-2019-88)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3945-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Non-security issues fixed: Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119299
    published2018-11-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119299
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2018:3945-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1547.NASL
    descriptionThis update for virtualbox to version 5.2.24 fixes the following issues : Multiple security issues fixed : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (bsc#1122212). Other issues fixed : - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels
    last seen2020-06-01
    modified2020-06-02
    plugin id125844
    published2019-06-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125844
    titleopenSUSE Security Update : virtualbox (openSUSE-2019-1547)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-84.NASL
    descriptionThis update for virtualbox version 5.2.24 fixes the following issues : Update fixes multiple vulnerabilities : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (boo#1122212). Non-security issues fixed : - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels
    last seen2020-03-18
    modified2019-01-28
    plugin id121411
    published2019-01-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121411
    titleopenSUSE Security Update : virtualbox (openSUSE-2019-84)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1943.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128946
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128946
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2019-1943)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-956.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : - CVE-2018-0734: timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: timing vulnerability in ECDSA signature generation (bsc#1113651). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123386
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123386
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2019-956)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4274-1.NASL
    descriptionThis update for openssl fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). Fixed the
    last seen2020-03-24
    modified2018-12-28
    plugin id119937
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119937
    titleSUSE SLES11 Security Update : openssl (SUSE-SU-2018:4274-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1153.NASL
    descriptionThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734)
    last seen2020-06-01
    modified2020-06-02
    plugin id123081
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123081
    titleAmazon Linux AMI : openssl (ALAS-2019-1153)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)
    last seen2020-06-01
    modified2020-06-02
    plugin id125147
    published2019-05-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125147
    titleOracle Enterprise Manager Ops Center (Apr 2019 CPU)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1732.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734) - A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.(CVE-2018-5407) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126859
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126859
    titleEulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-1732)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1518.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes
    last seen2020-06-05
    modified2018-12-10
    plugin id119547
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119547
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2018-1518)
  • NASL familyMisc.
    NASL idNESSUS_TNS_2018_17.NASL
    descriptionAccording to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.1.4. It is, therefore, affected by multiple vulnerabilities: - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id120198
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120198
    titleTenable Nessus < 7.1.4 Multiple Vulnerabilities (TNS-2018-17)
  • NASL familyMisc.
    NASL idNODEJS_2018_NOV.NASL
    descriptionThe version of Node.js installed on the remote host is 6.x prior to 6.15.0, 8.x prior to 8.14.0 or 10.x prior to 10.14.0 or 11.x prior to 11.3.0. Therefore, it is affected by multiple vulnerabilities. - OpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734). - OpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735). - OpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407). - Debugger port 5858 listens on any interface by default CVE-2018-12120). - Denial of Service with large HTTP headers (CVE-2018-12121). - Slowloris HTTP Denial of Service (CVE-2018-12122). - Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123). - HTTP request splitting (CVE-2018-12116). Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id119938
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119938
    titleNode.js multiple vulnerabilities (November 2018 Security Releases).
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2304.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: 0-byte record padding oracle (CVE-2019-1559) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128388
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128388
    titleCentOS 7 : openssl (CESA-2019:2304)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4068-1.NASL
    descriptionThis update for compat-openssl098 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). Fixed the
    last seen2020-04-30
    modified2018-12-13
    plugin id119646
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119646
    titleSUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:4068-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3864-1.NASL
    descriptionThis update for openssl fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). CVE-2018-0737: Corrected the current error detection of the current fix (bsc#1106197). CVE-2016-8610: Adjusted current fix and add missing error string (bsc#1110018). Add missing timing side channel patch for DSA signature generation (bsc#1113742). Fixed the
    last seen2020-06-01
    modified2020-06-02
    plugin id119116
    published2018-11-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119116
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2018:3864-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2218.NASL
    descriptionAccording to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used.(CVE-2019-1547) - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.(CVE-2019-1563) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130680
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130680
    titleEulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3840-1.NASL
    descriptionSamuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as
    last seen2020-06-01
    modified2020-06-02
    plugin id119497
    published2018-12-07
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119497
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)
  • NASL familyWeb Servers
    NASL idOPENSSL_1_0_2Q.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.0.x prior to 1.0.2q. It is, therefore, affected by a denial of service vulnerability and a cache timing side channel vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id121383
    published2019-01-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121383
    titleOpenSSL 1.0.x < 1.0.2q Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_5_6_43.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.43. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen2020-06-01
    modified2020-06-02
    plugin id121227
    published2019-01-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121227
    titleMySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1755.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-23
    plugin id126931
    published2019-07-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126931
    titleEulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1755)
  • NASL familyAIX Local Security Checks
    NASL idAIX_OPENSSL_ADVISORY29.NASL
    descriptionThe version of OpenSSL installed on the remote AIX host is affected by a side channel attack information disclosure vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id125707
    published2019-06-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125707
    titleAIX OpenSSL Advisory : openssl_advisory29.asc
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1465.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : - CVE-2018-0734: timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: timing vulnerability in ECDSA signature generation (bsc#1113651). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-11-26
    plugin id119140
    published2018-11-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119140
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2018-1465)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0395-1.NASL
    descriptionThis update for nodejs6 to version 6.16.0 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka
    last seen2020-06-01
    modified2020-06-02
    plugin id122230
    published2019-02-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122230
    titleSUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0395-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-985.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes
    last seen2020-06-01
    modified2020-06-02
    plugin id123402
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123402
    titleopenSUSE Security Update : openssl-1_0_0 (openSUSE-2019-985)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3989-1.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Set TLS version to 0 in msg_callback for record messages to avoid confusing applications (bsc#1100078). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119457
    published2018-12-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119457
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2018:3989-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_OPENSSL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - openssl: 0-byte record padding oracle (CVE-2019-1559) - openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
    last seen2020-03-18
    modified2019-08-27
    plugin id128247
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128247
    titleScientific Linux Security Update : openssl on SL7.x x86_64 (20190806)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4355.NASL
    descriptionSeveral local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
    last seen2020-03-28
    modified2018-12-20
    plugin id119792
    published2018-12-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119792
    titleDebian DSA-4355-1 : openssl1.0 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1553-1.NASL
    descriptionThis update for openssl fixes the following issues : CVE-2018-0732: Reject excessively large primes in DH key generation (bsc#1097158) CVE-2018-0734: Timing vulnerability in DSA signature generation (bsc#1113652) CVE-2018-0737: Cache timing vulnerability in RSA Key Generation (bsc#1089039) CVE-2018-5407: Elliptic curve scalar multiplication timing attack defenses (fixes
    last seen2020-06-01
    modified2020-06-02
    plugin id126046
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126046
    titleSUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4348.NASL
    descriptionSeveral local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
    last seen2020-06-01
    modified2020-06-02
    plugin id119313
    published2018-12-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119313
    titleDebian DSA-4348-1 : openssl - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4001-1.NASL
    descriptionThis update for openssl-1_0_0 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-5407: Added elliptic curve scalar multiplication timing attack defenses that fixes
    last seen2020-06-01
    modified2020-06-02
    plugin id120180
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120180
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2018:4001-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_238AE7DEDBA211E8B713B499BAEBFEAF.NASL
    descriptionThe OpenSSL project reports : Timing vulnerability in ECDSA signature generation (CVE-2018-0735): The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key (Low). Timing vulnerability in DSA signature generation (CVE-2018-0734) : Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack (Low).
    last seen2020-06-01
    modified2020-06-02
    plugin id118496
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118496
    titleFreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)
  • NASL familyMisc.
    NASL idNESSUS_TNS_2018_16.NASL
    descriptionAccording to its self-reported version, the Tenable Nessus application running on the remote host is 8.x prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id120197
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120197
    titleTenable Nessus < 8.1.1 Multiple Vulnerabilities (TNS-2018-16)
  • NASL familyDatabases
    NASL idMYSQL_8_0_14.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.14. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen2020-06-01
    modified2020-06-02
    plugin id121229
    published2019-01-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121229
    titleMySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1267.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) - A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.(CVE-2018-5407) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123735
    published2019-04-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123735
    titleEulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1267)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1464.NASL
    descriptionThis update for openssl fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). - Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed : - Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-05
    modified2018-11-26
    plugin id119139
    published2018-11-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119139
    titleopenSUSE Security Update : openssl (openSUSE-2018-1464)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0298_NODEJS.NASL
    descriptionAn update of the nodejs package has been released.
    last seen2020-06-12
    modified2020-06-10
    plugin id137321
    published2020-06-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137321
    titlePhoton OS 1.0: Nodejs PHSA-2020-1.0-0298
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3700.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl (1.1.1c). (BZ#1643026) Security Fix(es) : * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735) * openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130567
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130567
    titleRHEL 8 : openssl (RHSA-2019:3700)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1362.NASL
    descriptionIf an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable
    last seen2020-06-01
    modified2020-06-02
    plugin id131030
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131030
    titleAmazon Linux 2 : openssl (ALAS-2019-1362)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-234.NASL
    descriptionThis update for nodejs6 to version 6.16.0 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka
    last seen2020-06-01
    modified2020-06-02
    plugin id122418
    published2019-02-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122418
    titleopenSUSE Security Update : nodejs6 (openSUSE-2019-234)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-325-01.NASL
    descriptionNew openssl packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119113
    published2018-11-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119113
    titleSlackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2018-325-01)
  • NASL familyDatabases
    NASL idMYSQL_5_7_25.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.25. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen2020-06-01
    modified2020-06-02
    plugin id121228
    published2019-01-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121228
    titleMySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3863-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120166
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120166
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0206_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129941
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129941
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0254_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). (CVE-2018-0735) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132467
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132467
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1654.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).(CVE-2018-0734) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-06-27
    plugin id126281
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126281
    titleEulerOS 2.0 SP8 : openssl (EulerOS-SA-2019-1654)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3932.NASL
    descriptionUpdated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/ Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131215
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131215
    titleRHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3933.NASL
    descriptionAn update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es) : * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131216
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131216
    titleRHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2008.NASL
    descriptionAccording to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129201
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129201
    titleEulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2008)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-138.NASL
    descriptionThis update for mysql-community-server to version 5.6.43 fixes the following issues : Security issues fixed : - CVE-2019-2534, CVE-2019-2529, CVE-2019-2482, CVE-2019-2455, CVE-2019-2503, CVE-2019-2537, CVE-2019-2481, CVE-2019-2507, CVE-2019-2531, CVE-2018-0734 (boo#1113652, boo#1122198)
    last seen2020-03-18
    modified2019-02-06
    plugin id121608
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121608
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2019-138)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - A denial of service vulnerability in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id124169
    published2019-04-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124169
    titleOracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2A86F45AFC3C11E8A41400155D006B02.NASL
    descriptionNode.js reports : Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend that all Node.js users upgrade to a version listed below as soon as possible. Debugger port 5858 listens on any interface by default (CVE-2018-12120) All versions of Node.js 6 are vulnerable and the severity is HIGH. When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as node --debug=localhost. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. Denial of Service with large HTTP headers (CVE-2018-12121) All versions of 6 and later are vulnerable and the severity is HIGH. By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. The total size of HTTP headers received by Node.js now must not exceed 8192 bytes.
    last seen2020-06-01
    modified2020-06-02
    plugin id119511
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119511
    titleFreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02)
  • NASL familyMisc.
    NASL idVIRTUALBOX_JAN_2019_CPU.NASL
    descriptionThe version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.24 or 6.0.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory : - A denial of service vulnerability in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id121247
    published2019-01-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121247
    titleOracle VM VirtualBox 5.2.x < 5.2.24 / 6.0.x < 6.0.2 (Jan 2019 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-00C25B9379.NASL
    descriptionPatch for CVE-2018-0737, CVE-2018-0732, CVE-2018-0734, CVE-2019-1552, CVE-2019-1559. https://www.openssl.org/news/vulnerabilities.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129319
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129319
    titleFedora 30 : 1:compat-openssl10 (2019-00c25b9379)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A8FFCFF7EE.NASL
    descriptionMinor update to version 1.1.1a with bug fixes and low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-18
    plugin id121239
    published2019-01-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121239
    titleFedora 29 : 1:openssl (2019-a8ffcff7ee)
  • NASL familyMisc.
    NASL idORACLE_TUXEDO_CPU_APR_2019.NASL
    descriptionThe version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    last seen2020-06-01
    modified2020-06-02
    plugin id124171
    published2019-04-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124171
    titleOracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1153.NASL
    descriptionThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. (CVE-2018-0734)
    last seen2020-03-17
    modified2019-01-25
    plugin id121366
    published2019-01-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121366
    titleAmazon Linux 2 : openssl (ALAS-2019-1153)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3866-1.NASL
    descriptionThis update for openssl fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack defenses (bsc#1113534). Add missing timing side channel patch for DSA signature generation (bsc#1113742). Non-security issues fixed: Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119117
    published2018-11-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119117
    titleSUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:3866-1)

Redhat

advisories
  • rhsa
    idRHSA-2019:2304
  • rhsa
    idRHSA-2019:3700
  • rhsa
    idRHSA-2019:3932
  • rhsa
    idRHSA-2019:3933
  • rhsa
    idRHSA-2019:3935
rpms
  • openssl-1:1.0.2k-19.el7
  • openssl-debuginfo-1:1.0.2k-19.el7
  • openssl-devel-1:1.0.2k-19.el7
  • openssl-libs-1:1.0.2k-19.el7
  • openssl-perl-1:1.0.2k-19.el7
  • openssl-static-1:1.0.2k-19.el7
  • openssl-1:1.1.1c-2.el8
  • openssl-debuginfo-1:1.1.1c-2.el8
  • openssl-debugsource-1:1.1.1c-2.el8
  • openssl-devel-1:1.1.1c-2.el8
  • openssl-libs-1:1.1.1c-2.el8
  • openssl-libs-debuginfo-1:1.1.1c-2.el8
  • openssl-perl-1:1.1.1c-2.el8
  • jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6
  • jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6
  • jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6
  • jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6
  • jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-jansson-0:2.11-20.jbcs.el6
  • jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6
  • jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6
  • jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6
  • jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7
  • jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7
  • jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7
  • jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7
  • jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7
  • jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7
  • jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7
  • jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-jansson-0:2.11-20.jbcs.el7
  • jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7
  • jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7
  • jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7

References