The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103766
http://www.securitytracker.com/id/1040685
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.gentoo.org/glsa/201811-21
https://security.netapp.com/advisory/ntap-20180726-0003/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://usn.ubuntu.com/3628-1/
https://usn.ubuntu.com/3628-2/
https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.openssl.org/news/secadv/20180416.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
Source: MITRE
Published: 2018-04-16
Updated: 2019-10-03
Type: CWE-327
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
OR
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.0.2b to 1.0.2o (inclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.1.0 to 1.1.0h (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
131216 | RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop) | Nessus | Red Hat Local Security Checks | medium |
131215 | RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop) | Nessus | Red Hat Local Security Checks | medium |
131184 | Oracle Enterprise Manager Ops Center (Jan 2019 CPU) | Nessus | Misc. | high |
129653 | Fedora 31 : 1:compat-openssl10 (2019-db06efdea1) | Nessus | Fedora Local Security Checks | medium |
129368 | Fedora 29 : 1:compat-openssl10 (2019-9a0a7c0986) | Nessus | Fedora Local Security Checks | medium |
129319 | Fedora 30 : 1:compat-openssl10 (2019-00c25b9379) | Nessus | Fedora Local Security Checks | medium |
127975 | OracleVM 3.4 : openssl (OVMSA-2019-0040) | Nessus | OracleVM Local Security Checks | medium |
127262 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065) | Nessus | NewStart CGSL Local Security Checks | medium |
126270 | EulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2019-1643) | Nessus | Huawei Local Security Checks | medium |
126046 | SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1) | Nessus | SuSE Local Security Checks | medium |
124999 | EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546) | Nessus | Huawei Local Security Checks | medium |
124903 | EulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400) | Nessus | Huawei Local Security Checks | medium |
123887 | EulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201) | Nessus | Huawei Local Security Checks | medium |
123850 | EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1164) | Nessus | Huawei Local Security Checks | medium |
123512 | Palo Alto Networks PAN-OS 6.1.x <= 6.1.20 / 7.1.x < 7.1.21 / 8.0.x < 8.0.14 / 8.1.x < 8.1.4 Multiple Vulnerabilities (PAN-SA-2018-0015) | Nessus | Palo Alto Local Security Checks | medium |
123323 | openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-753) | Nessus | SuSE Local Security Checks | medium |
122706 | EulerOS Virtualization 2.5.2 : openssl (EulerOS-SA-2019-1084) | Nessus | Huawei Local Security Checks | medium |
122088 | openSUSE Security Update : openssl-1_1 (openSUSE-2019-152) | Nessus | SuSE Local Security Checks | medium |
121975 | Photon OS 2.0: Openssl PHSA-2018-2.0-0078 | Nessus | PhotonOS Local Security Checks | medium |
121848 | Photon OS 1.0: Openssl PHSA-2018-1.0-0149 | Nessus | PhotonOS Local Security Checks | high |
121467 | SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2019:0197-1) | Nessus | SuSE Local Security Checks | medium |
121252 | Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Jan 2019 CPU) | Nessus | CGI abuses | medium |
121225 | Oracle Enterprise Manager Cloud Control (January 2019 CPU) | Nessus | Misc. | high |
121069 | Junos OS: OpenSSL Security Advisories [16 Apr 2018] and [12 June 2018] (JSA10919) | Nessus | Junos Local Security Checks | medium |
120997 | EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009) | Nessus | Huawei Local Security Checks | medium |
120424 | Fedora 28 : 1:openssl (2018-520e4c5b4e) | Nessus | Fedora Local Security Checks | medium |
120198 | Tenable Nessus < 7.1.4 Multiple Vulnerabilities (TNS-2018-17) | Nessus | Misc. | medium |
120115 | SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2018:2965-1) | Nessus | SuSE Local Security Checks | medium |
119909 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420) | Nessus | Huawei Local Security Checks | medium |
119792 | Debian DSA-4355-1 : openssl1.0 - security update | Nessus | Debian Local Security Checks | medium |
119520 | EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392) | Nessus | Huawei Local Security Checks | medium |
119313 | Debian DSA-4348-1 : openssl - security update | Nessus | Debian Local Security Checks | medium |
119275 | GLSA-201811-21 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
119194 | Scientific Linux Security Update : openssl on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | medium |
119116 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:3864-1) | Nessus | SuSE Local Security Checks | medium |
119074 | EulerOS Virtualization 2.5.1 : openssl (EulerOS-SA-2018-1383) | Nessus | Huawei Local Security Checks | medium |
118998 | CentOS 7 : openssl (CESA-2018:3221) | Nessus | CentOS Local Security Checks | medium |
118937 | Node.js Multiple Vulnerabilities (August 2018 Security Releases) | Nessus | Misc. | medium |
118777 | Oracle Linux 7 : openssl (ELSA-2018-3221) | Nessus | Oracle Linux Local Security Checks | medium |
118534 | RHEL 7 : openssl (RHSA-2018:3221) | Nessus | Red Hat Local Security Checks | medium |
118399 | Tenable Log Correlation Engine (LCE) < 5.1.1 (TNS-2018-13) | Nessus | Misc. | medium |
118398 | Tenable Nessus < 8.0.0 Multiple Vulnerabilities (TNS-2018-14) | Nessus | Misc. | medium |
118296 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:2928-2) | Nessus | SuSE Local Security Checks | medium |
118106 | Oracle Linux 7 : openssl (ELSA-2018-4249) | Nessus | Oracle Linux Local Security Checks | medium |
118105 | Oracle Linux 6 : openssl (ELSA-2018-4248) | Nessus | Oracle Linux Local Security Checks | medium |
117977 | openSUSE Security Update : openssl-1_0_0 (openSUSE-2018-1110) | Nessus | SuSE Local Security Checks | medium |
117891 | Fedora 27 : 1:openssl (2018-02a38af202) | Nessus | Fedora Local Security Checks | medium |
117858 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:2928-1) | Nessus | SuSE Local Security Checks | medium |
117857 | openSUSE Security Update : openssl (openSUSE-2018-1091) | Nessus | SuSE Local Security Checks | medium |
117749 | EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2018-1306) | Nessus | Huawei Local Security Checks | medium |
117672 | Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12) | Nessus | Misc. | high |
117476 | openSUSE Security Update : compat-openssl098 (openSUSE-2018-997) | Nessus | SuSE Local Security Checks | medium |
117450 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:2683-1) | Nessus | SuSE Local Security Checks | medium |
112145 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:2492-1) | Nessus | SuSE Local Security Checks | medium |
112120 | OpenSSL 1.1.0 < 1.1.0i Multiple Vulnerabilities | Nessus | Web Servers | medium |
112119 | OpenSSL 1.0.x < 1.0.2p Multiple Vulnerabilities | Nessus | Web Servers | medium |
112108 | SUSE SLES11 Security Update : openssl (SUSE-SU-2018:2486-1) | Nessus | SuSE Local Security Checks | medium |
111962 | Photon OS 2.0: Openssl PHSA-2018-2.0-0078 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
111737 | Slackware 14.2 / current : openssl (SSA:2018-226-01) | Nessus | Slackware Local Security Checks | medium |
111390 | Debian DLA-1449-1 : openssl security update | Nessus | Debian Local Security Checks | medium |
111354 | AIX OpenSSL Advisory : openssl_advisory27.asc | Nessus | AIX Local Security Checks | medium |
111275 | Photon OS 1.0 : openssl / libsoup (PhotonOS-PHSA-2018-1.0-0149) (deprecated) | Nessus | PhotonOS Local Security Checks | high |
110878 | EulerOS 2.0 SP3 : openssl110f (EulerOS-SA-2018-1214) | Nessus | Huawei Local Security Checks | medium |
110721 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1) | Nessus | Ubuntu Local Security Checks | medium |
109364 | Amazon Linux 2 : openssl (ALAS-2018-1004) | Nessus | Amazon Linux Local Security Checks | medium |
109200 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : OpenSSL vulnerability (USN-3628-1) | Nessus | Ubuntu Local Security Checks | medium |
109182 | Amazon Linux AMI : openssl (ALAS-2018-1000) | Nessus | Amazon Linux Local Security Checks | medium |
109066 | FreeBSD : OpenSSL -- Cache timing vulnerability (8f353420-4197-11e8-8777-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |