ID OPENSUSE-2019-88.NASL Type nessus Reporter This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-01-28T00:00:00
Description
This update for nodejs4 fixes the following issues :
Security issues fixed :
CVE-2018-0734: Fixed a timing vulnerability in the DSA
signature generation (bsc#1113652)
CVE-2018-5407: Fixed a hyperthread port contention side
channel attack (aka 'PortSmash') (bsc#1113534)
CVE-2018-12120: Fixed that the debugger listens on any
interface by default (bsc#1117625)
CVE-2018-12121: Fixed a Denial of Service with large
HTTP headers (bsc#1117626)
CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of
Service (bsc#1117627)
CVE-2018-12116: Fixed HTTP request splitting
(bsc#1117630)
CVE-2018-12123: Fixed hostname spoofing in URL parser
for JavaScript protocol (bsc#1117629)
This update was imported from the SUSE:SLE-12:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-88.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata pass: this branch runs only when `description` is set. It registers
# the plugin's identity, advisory text, references and scoring, then calls
# exit(0), so none of the host checks further down run in this pass.
if (description)
{
  script_id(121415);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Seven CVEs are tied to this one package update. A finding from this plugin
  # therefore means "the update is missing", not that any single CVE was
  # individually confirmed on the host.
  script_cve_id(
    "CVE-2018-0734",
    "CVE-2018-12116",
    "CVE-2018-12120",
    "CVE-2018-12121",
    "CVE-2018-12122",
    "CVE-2018-12123",
    "CVE-2018-5407"
  );

  script_name(english:"openSUSE Security Update : nodejs4 (openSUSE-2019-88)");
  script_summary(english:"Check for the openSUSE-2019-88 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");

  # Advisory text shown in the report. The string spans several lines, so its
  # continuation lines stay at column 0 to keep the reported text unchanged.
  script_set_attribute(attribute:"description", value:
"This update for nodejs4 fixes the following issues :
Security issues fixed :
- CVE-2018-0734: Fixed a timing vulnerability in the DSA
signature generation (bsc#1113652)
- CVE-2018-5407: Fixed a hyperthread port content side
channel attack (aka 'PortSmash') (bsc#1113534)
- CVE-2018-12120: Fixed that the debugger listens on any
interface by default (bsc#1117625)
- CVE-2018-12121: Fixed a denial of Service with large
HTTP headers (bsc#1117626)
- CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of
Service (bsc#1117627)
- CVE-2018-12116: Fixed HTTP request splitting
(bsc#1117630)
- CVE-2018-12123: Fixed hostname spoofing in URL parser
for JavaScript protocol (bsc#1117629)
This update was imported from the SUSE:SLE-12:Update update project.");

  # One bug-tracker reference per bsc# number quoted in the description above.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113534");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117625");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117626");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117627");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117629");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117630");

  script_set_attribute(attribute:"solution", value:"Update the affected nodejs4 packages.");

  # Scoring is a single set of vectors for the whole update. Note that the
  # CVSS v2 vector rates access complexity as medium (AC:M) while the v3.0
  # vector rates attack complexity as high (AC:H); triage against whichever
  # scheme your program uses. Both temporal vectors record proof-of-concept
  # exploit maturity with an official fix available.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # "local" plugin type: the result comes from package data read on the host,
  # not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Packages covered by the check, followed by the one OS release it targets.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs4-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs4-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:npm4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  # Timeline: the patch date is roughly ten weeks after the vulnerability
  # publication date, and the plugin followed three days after the patch.
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # The check consumes the Host/* knowledge-base keys listed below; they are
  # presumably filled in by the ssh_get_info.nasl dependency (not shown here).
  # Without them the plugin has nothing to evaluate.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys(
    "Host/local_checks_enabled",
    "Host/SuSE/release",
    "Host/SuSE/rpm-list",
    "Host/cpu"
  );

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host checks. Each gate below hands off to audit() (from audit.inc, not shown
# here), which the script relies on to end the run. A host stopped by a gate
# is reported as "not applicable", which is different from "patched": treat
# missing local-check data or an unsupported architecture as a coverage gap.

# Gate 1: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the host must be openSUSE; SLED/SLES releases are excluded here.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "openSUSE");
}

# Gate 3: only the 42.3 release is in scope for this update.
if (release !~ "^(SUSE42\.3)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
}

# Gate 4: the installed-package list must have been collected.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: only the x86 family of architectures is evaluated.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (ourarch !~ "^(i586|i686|x86_64)$")
{
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
}

# Package comparison. rpm_check() comes from rpm.inc (not shown here);
# presumably it returns true when the installed package is older than the
# given reference. This is a version comparison only: it does not test
# whether the affected Node.js features are in use or reachable.
flag = 0;
foreach fixed_ref (make_list(
  "nodejs4-4.9.1-20.1",
  "nodejs4-debuginfo-4.9.1-20.1",
  "nodejs4-debugsource-4.9.1-20.1",
  "nodejs4-devel-4.9.1-20.1",
  "npm4-4.9.1-20.1"
))
{
  if ( rpm_check(release:"SUSE42.3", reference:fixed_ref) ) flag++;
}

# At least one package matched: raise the finding on port 0 and attach the
# rpm report text unless report verbosity is 0.
if (flag)
{
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}

# Nothing matched (the branch above always exits). Separate "packages were
# tested and are not affected" from "none of the packages is installed".
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs4 / nodejs4-debuginfo / nodejs4-debugsource / nodejs4-devel / etc");
}
{"id": "OPENSUSE-2019-88.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : nodejs4 (openSUSE-2019-88)", "description": "This update for nodejs4 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA\n signature generation (bsc#1113652)\n\n - CVE-2018-5407: Fixed a hyperthread port content side\n channel attack (aka 'PortSmash') (bsc#1113534)\n\n - CVE-2018-12120: Fixed that the debugger listens on any\n interface by default (bsc#1117625)\n\n - CVE-2018-12121: Fixed a denial of Service with large\n HTTP headers (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of\n Service (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting\n (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser\n for JavaScript protocol (bsc#1117629)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "published": "2019-01-28T00:00:00", "modified": "2019-01-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/121415", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=1117625", "https://bugzilla.opensuse.org/show_bug.cgi?id=1117629", "https://bugzilla.opensuse.org/show_bug.cgi?id=1117630", "https://bugzilla.opensuse.org/show_bug.cgi?id=1117627", "https://bugzilla.opensuse.org/show_bug.cgi?id=1117626", "https://bugzilla.opensuse.org/show_bug.cgi?id=1113652", "https://bugzilla.opensuse.org/show_bug.cgi?id=1113534"], "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "type": "nessus", "lastseen": "2021-01-20T12:54:23", "edition": 17, "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310852251", "OPENVAS:1361412562310814516", "OPENVAS:1361412562310852142", "OPENVAS:1361412562310108483", "OPENVAS:1361412562310112410", "OPENVAS:1361412562310814517", "OPENVAS:1361412562310112411", "OPENVAS:1361412562310852311", "OPENVAS:1361412562310108484", "OPENVAS:1361412562310852258"]}, {"type": "nessus", "idList": ["SUSE_SU-2019-0117-1.NASL", "FREEBSD_PKG_2A86F45AFC3C11E8A41400155D006B02.NASL", "AIX_OPENSSL_ADVISORY29.NASL", "PHOTONOS_PHSA-2019-1_0-0257_NODEJS.NASL", "NODEJS_2018_NOV.NASL", "SUSE_SU-2019-0118-1.NASL", "PHOTONOS_PHSA-2020-2_0-0210_NODEJS.NASL", "OPENSUSE-2019-234.NASL", "OPENSUSE-2019-89.NASL", "SUSE_SU-2019-0395-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0088-1", "OPENSUSE-SU-2018:4104-1", "OPENSUSE-SU-2019:0089-1", "OPENSUSE-SU-2018:4050-1", "OPENSUSE-SU-2018:3903-1", "OPENSUSE-SU-2019:0234-1"]}, {"type": "freebsd", "idList": ["2A86F45A-FC3C-11E8-A414-00155D006B02"]}, {"type": "cve", "idList": ["CVE-2018-12123", "CVE-2018-5407", "CVE-2018-0734", "CVE-2018-12121", "CVE-2018-12120", "CVE-2018-12116", "CVE-2018-12122"]}, {"type": "attackerkb", "idList": ["AKB:582044CE-2F01-4946-827F-905B6E3AA2FF"]}, {"type": "f5", "idList": ["F5:K75532331", "F5:K49711130", "F5:K43741620", 
"F5:K37111863"]}, {"type": "redhat", "idList": ["RHSA-2019:1821", "RHSA-2019:3497", "RHSA-2019:2939"]}, {"type": "hackerone", "idList": ["H1:453513"]}, {"type": "symantec", "idList": ["SMNTC-1490", "SMNTC-105758"]}, {"type": "archlinux", "idList": ["ASA-201812-7", "ASA-201812-8"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY29.ASC"]}, {"type": "slackware", "idList": ["SSA-2018-325-01"]}, {"type": "ubuntu", "idList": ["USN-3840-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DCF842DDD89D1624E7B2FFAA64957639"]}, {"type": "gentoo", "idList": ["GLSA-202003-48"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4348-1:05673", "DEBIAN:DSA-4355-1:1415E"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2304", "ELSA-2019-4754", "ELSA-2019-3497"]}], "modified": "2021-01-20T12:54:23", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-01-20T12:54:23", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-88.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121415);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n\n script_name(english:\"openSUSE Security Update : nodejs4 (openSUSE-2019-88)\");\n script_summary(english:\"Check for the openSUSE-2019-88 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs4 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: 
Fixed a timing vulnerability in the DSA\n signature generation (bsc#1113652)\n\n - CVE-2018-5407: Fixed a hyperthread port content side\n channel attack (aka 'PortSmash') (bsc#1113534)\n\n - CVE-2018-12120: Fixed that the debugger listens on any\n interface by default (bsc#1117625)\n\n - CVE-2018-12121: Fixed a denial of Service with large\n HTTP headers (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of\n Service (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting\n (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser\n for JavaScript protocol (bsc#1117629)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs4-4.9.1-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs4-debuginfo-4.9.1-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs4-debugsource-4.9.1-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs4-devel-4.9.1-20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"npm4-4.9.1-20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs4 / nodejs4-debuginfo / nodejs4-debugsource / nodejs4-devel / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "121415", "cpe": ["p-cpe:/a:novell:opensuse:nodejs4", "p-cpe:/a:novell:opensuse:nodejs4-debugsource", "p-cpe:/a:novell:opensuse:nodejs4-devel", "p-cpe:/a:novell:opensuse:npm4", 
"p-cpe:/a:novell:opensuse:nodejs4-debuginfo", "cpe:/o:novell:opensuse:42.3"], "scheme": null, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}
{"openvas": [{"lastseen": "2020-01-31T16:47:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-01-26T00:00:00", "id": "OPENVAS:1361412562310852251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852251", "type": "openvas", "title": "openSUSE: Security Advisory for nodejs4 (openSUSE-SU-2019:0088-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852251\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\",\n \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-26 04:01:52 +0100 (Sat, 26 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for nodejs4 (openSUSE-SU-2019:0088-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0088-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00035.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs4'\n package(s) announced via the openSUSE-SU-2019:0088-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nodejs4 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature\n generation (bsc#1113652)\n\n - CVE-2018-5407: Fixed a hyperthread port content 
side channel attack (aka\n 'PortSmash') (bsc#1113534)\n\n - CVE-2018-12120: Fixed that the debugger listens on any interface by\n default (bsc#1117625)\n\n - CVE-2018-12121: Fixed a denial of Service with large HTTP headers\n (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript\n protocol (bsc#1117629)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-88=1\");\n\n script_tag(name:\"affected\", value:\"nodejs4 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"nodejs4\", rpm:\"nodejs4~4.9.1~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs4-debuginfo\", rpm:\"nodejs4-debuginfo~4.9.1~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs4-debugsource\", rpm:\"nodejs4-debugsource~4.9.1~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs4-devel\", rpm:\"nodejs4-devel~4.9.1~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"npm4\", rpm:\"npm4~4.9.1~20.1\", 
rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs4-docs\", rpm:\"nodejs4-docs~4.9.1~20.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-02-23T00:00:00", "id": "OPENVAS:1361412562310852311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852311", "type": "openvas", "title": "openSUSE: Security Advisory for nodejs6 (openSUSE-SU-2019:0234-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852311\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-23 04:07:21 +0100 (Sat, 23 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for nodejs6 (openSUSE-SU-2019:0234-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0234-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00052.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs6'\n package(s) announced via the openSUSE-SU-2019:0234-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nodejs6 to version 6.16.0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature\n generation (bsc#1113652)\n\n - CVE-2018-5407: Fixed a hyperthread 
port content side channel attack (aka\n 'PortSmash') (bsc#1113534)\n\n - CVE-2018-12120: Fixed that the debugger listens on any interface by\n default (bsc#1117625)\n\n - CVE-2018-12121: Fixed a denial of Service with large HTTP headers\n (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript\n protocol (bsc#1117629)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-234=1\");\n\n script_tag(name:\"affected\", value:\"nodejs6 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"nodejs6\", rpm:\"nodejs6~6.16.0~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs6-debuginfo\", rpm:\"nodejs6-debuginfo~6.16.0~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs6-debugsource\", rpm:\"nodejs6-debugsource~6.16.0~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs6-devel\", rpm:\"nodejs6-devel~6.16.0~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"npm6\", 
rpm:\"npm6~6.16.0~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs6-docs\", rpm:\"nodejs6-docs~6.16.0~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-01-29T00:00:00", "id": "OPENVAS:1361412562310852258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852258", "type": "openvas", "title": "openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2019:0089-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852258\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-12116\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-01-29 04:02:32 +0100 (Tue, 29 Jan 2019)\");\n script_name(\"openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2019:0089-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0089-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00039.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs8'\n package(s) announced via the openSUSE-SU-2019:0089-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for nodejs8 to version 8.15.0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers\n (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n (bsc#1117627)\n\n - CVE-2018-12116: 
Fixed HTTP request splitting (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript\n protocol (bsc#1117629)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-89=1\");\n\n script_tag(name:\"affected\", value:\"nodejs8 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"nodejs8\", rpm:\"nodejs8~8.15.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs8-debuginfo\", rpm:\"nodejs8-debuginfo~8.15.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs8-debugsource\", rpm:\"nodejs8-debugsource~8.15.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs8-devel\", rpm:\"nodejs8-devel~8.15.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"npm8\", rpm:\"npm8~8.15.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nodejs8-docs\", rpm:\"nodejs8-docs~8.15.0~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n 
exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-17T14:13:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-12122", "CVE-2018-12121"], "description": "The host is installed with Node.js and is\n prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-11-29T00:00:00", "id": "OPENVAS:1361412562310814517", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814517", "type": "openvas", "title": "Node.js Multiple Vulnerabilities-Nov18 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Node.js Multiple Vulnerabilities-Nov18 (Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nodejs:node.js\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814517\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-29 13:13:28 +0530 (Thu, 29 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Node.js Multiple Vulnerabilities-Nov18 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Node.js and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in Hostname spoofing in URL parser for javascript protocol, If a\n Node.js is using url.parse() to determine the URL hostname, that hostname\n can be spoofed by using a mixed case 'javascript:',\n\n - An error in Slowloris HTTP, An attacker can cause a Denial of Service\n (DoS) by sending headers very slowly keeping HTTP or HTTPS connections\n and associated resources alive for a long period of time and\n\n - Denial of Service with large HTTP headers, By using a combination of many\n requests with maximum sized headers (almost 80 KB per connection), and\n carefully timed completion of the headers, it is possible to cause the\n HTTP server to 
abort from heap allocation failure.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Node.js All versions prior to 6.15.0,\n 8.14.0, 10.14.0 and 11.3.0 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Node.js version 6.15.0, 8.14.0,\n or 10.14.0, 11.3.0 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_nodejs_detect_macosx.nasl\");\n script_mandatory_keys(\"Nodejs/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nnodejsVer = infos['version'];\nappPath = infos['location'];\n\nif(version_in_range(version:nodejsVer, test_version:\"6.0\", test_version2:\"6.14.0\")){\n fix = \"6.15.0\";\n}\n\nelse if(version_in_range(version:nodejsVer, test_version:\"8.0\", test_version2:\"8.13.0,\")){\n fix = \"8.14.0\";\n}\n\nelse if(version_in_range(version:nodejsVer, test_version:\"10.0\", test_version2:\"10.13.0\")){\n fix = \"10.14.0\";\n}\n\nelse if(version_in_range(version:nodejsVer, test_version:\"11.0\", test_version2:\"11.2.0\")){\n fix = \"11.3.0\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:nodejsVer, fixed_version:fix, install_path:appPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:13:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-12122", "CVE-2018-12121"], "description": 
"The host is installed with Node.js and is\n prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-11-29T00:00:00", "id": "OPENVAS:1361412562310814516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814516", "type": "openvas", "title": "Node.js Multiple Vulnerabilities-Nov18 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Node.js Multiple Vulnerabilities-Nov18 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nodejs:node.js\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814516\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-29 12:56:10 +0530 (Thu, 29 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Node.js Multiple Vulnerabilities-Nov18 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Node.js and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in Hostname spoofing in URL parser for javascript protocol, If a\n Node.js is using url.parse() to determine the URL hostname, that hostname\n can be spoofed by using a mixed case 'javascript:',\n\n - An error in Slowloris HTTP, An attacker can cause a Denial of Service\n (DoS) by sending headers very slowly keeping HTTP or HTTPS connections\n and associated resources alive for a long period of time and\n\n - Denial of Service with large HTTP headers, By using a combination of many\n requests with maximum sized headers (almost 80 KB per connection), and\n carefully timed completion of the headers, it is possible to cause the\n HTTP server to abort from 
heap allocation failure.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct denial of service and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"Node.js All versions prior to 6.15.0,\n 8.14.0, 10.14.0 and 11.3.0 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Node.js 6.15.0, 8.14.0,\n or 10.14.0, 11.3.0 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_nodejs_detect_win.nasl\");\n script_mandatory_keys(\"Nodejs/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nnodejsVer = infos['version'];\nappPath = infos['location'];\n\nif(version_in_range(version:nodejsVer, test_version:\"6.0\", test_version2:\"6.14.0\")){\n fix = \"6.15.0\";\n}\n\nelse if(version_in_range(version:nodejsVer, test_version:\"8.0\", test_version2:\"8.13.0,\")){\n fix = \"8.14.0\";\n}\n\nelse if(version_in_range(version:nodejsVer, test_version:\"10.0\", test_version2:\"10.13.0\")){\n fix = \"10.14.0\";\n}\n\nelse if(version_in_range(version:nodejsVer, test_version:\"11.0\", test_version2:\"11.2.0\")){\n fix = \"11.3.0\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:nodejsVer, fixed_version:fix, install_path:appPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407"], "description": "This host is running OpenSSL and is prone\n to an information 
disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310108484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108484", "type": "openvas", "title": "OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181112_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108484\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-5407\");\n script_bugtraq_id(105897);\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 07:48:19 +0100 (Thu, 22 Nov 2018)\");\n script_name(\"OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181112.txt\");\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/105897\");\n script_xref(name:\"URL\", value:\"https://eprint.iacr.org/2018/1060.pdf\");\n script_xref(name:\"URL\", value:\"https://github.com/bbbrumley/portsmash\");\n 
script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45785/\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,\n has been shown to be vulnerable to a microarchitecture timing side channel attack.\");\n\n script_tag(name:\"impact\", value:\"An attacker with sufficient access to mount local timing attacks\n during ECDSA signature generation could recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0h\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.0i\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nif( version_in_range( version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.0.2q\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310108483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108483", "type": "openvas", "title": "OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181112_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108483\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-5407\");\n script_bugtraq_id(105897);\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 07:48:19 +0100 (Thu, 22 Nov 2018)\");\n script_name(\"OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181112.txt\");\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/105897\");\n script_xref(name:\"URL\", 
value:\"https://eprint.iacr.org/2018/1060.pdf\");\n script_xref(name:\"URL\", value:\"https://github.com/bbbrumley/portsmash\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45785/\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,\n has been shown to be vulnerable to a microarchitecture timing side channel attack.\");\n\n script_tag(name:\"impact\", value:\"An attacker with sufficient access to mount local timing attacks\n during ECDSA signature generation could recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0h\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.0i\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nif( version_in_range( version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.0.2q\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112411", "type": "openvas", "title": "OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181030_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112411\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0734\");\n script_bugtraq_id(105758);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:16:23 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. 
An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", 
install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.0.2q-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112410", "type": "openvas", "title": "OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181030_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112410\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0734\");\n script_bugtraq_id(105758);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:16:23 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. 
An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", 
install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.0.2q-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T17:40:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the openSUSE-SU-2018:3903-1 advisory.", "modified": "2020-01-31T00:00:00", "published": "2018-11-26T00:00:00", "id": "OPENVAS:1361412562310852142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852142", "type": "openvas", "title": "openSUSE: Security Advisory for openssl (openSUSE-SU-2018:3903-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852142\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-26 15:08:42 +0100 (Mon, 26 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for openssl (openSUSE-SU-2018:3903-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3903-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00046.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the openSUSE-SU-2018:3903-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n\n - Add missing timing side channel patch for DSA 
signature generation\n (bsc#1113742).\n\n Non-security issues fixed:\n\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1464=1\");\n\n script_tag(name:\"affected\", value:\"openssl on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs\", rpm:\"openssl-cavs~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-cavs-debuginfo\", 
rpm:\"openssl-cavs-debuginfo~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-devel-32bit\", rpm:\"libopenssl-devel-32bit~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo-32bit\", rpm:\"libopenssl1_0_0-debuginfo-32bit~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.2j~32.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T06:15:33", "description": "This update for nodejs4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed a timing vulnerability in the DSA signature\ngeneration (bsc#1113652)\n\nCVE-2018-5407: Fixed a hyperthread port content side channel attack\n(aka 'PortSmash') (bsc#1113534)\n\nCVE-2018-12120: Fixed that the debugger listens on any interface by\ndefault (bsc#1117625)\n\nCVE-2018-12121: Fixed a denial of Service with large HTTP headers\n(bsc#1117626)\n\nCVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of 
Service\n(bsc#1117627)\n\nCVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\nCVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript\nprotocol (bsc#1117629)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-22T00:00:00", "title": "SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:npm4", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:nodejs4-devel", "p-cpe:/a:novell:suse_linux:nodejs4", "p-cpe:/a:novell:suse_linux:nodejs4-debuginfo", "p-cpe:/a:novell:suse_linux:nodejs4-debugsource"], "id": "SUSE_SU-2019-0117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121292", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0117-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121292);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:50\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs4 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed a timing vulnerability in the DSA signature\ngeneration (bsc#1113652)\n\nCVE-2018-5407: Fixed a hyperthread port content side channel attack\n(aka 'PortSmash') (bsc#1113534)\n\nCVE-2018-12120: Fixed that the debugger listens on any interface by\ndefault (bsc#1117625)\n\nCVE-2018-12121: Fixed a denial of Service with large HTTP headers\n(bsc#1117626)\n\nCVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n(bsc#1117627)\n\nCVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\nCVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript\nprotocol (bsc#1117629)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0734/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12122/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12123/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5407/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190117-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55bbd6c4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-117=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-117=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:nodejs4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-4.9.1-15.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-debuginfo-4.9.1-15.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-debugsource-4.9.1-15.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"nodejs4-devel-4.9.1-15.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"npm4-4.9.1-15.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs4\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:15:59", "description": "This update for nodejs6 to version 6.16.0 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed a timing vulnerability in the DSA signature\ngeneration (bsc#1113652)\n\nCVE-2018-5407: Fixed a hyperthread port content side channel attack\n(aka 'PortSmash') (bsc#1113534)\n\nCVE-2018-12120: Fixed that the 
debugger listens on any interface by\ndefault (bsc#1117625)\n\nCVE-2018-12121: Fixed a denial of Service with large HTTP headers\n(bsc#1117626)\n\nCVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n(bsc#1117627)\n\nCVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\nCVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript\nprotocol (bsc#1117629)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "title": "SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0395-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:nodejs6-devel", "p-cpe:/a:novell:suse_linux:nodejs6-debugsource", "p-cpe:/a:novell:suse_linux:nodejs6", "p-cpe:/a:novell:suse_linux:npm6", "p-cpe:/a:novell:suse_linux:nodejs6-debuginfo"], "id": "SUSE_SU-2019-0395-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0395-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122230);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/10 13:51:50\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs6 
(SUSE-SU-2019:0395-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs6 to version 6.16.0 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed a timing vulnerability in the DSA signature\ngeneration (bsc#1113652)\n\nCVE-2018-5407: Fixed a hyperthread port content side channel attack\n(aka 'PortSmash') (bsc#1113534)\n\nCVE-2018-12120: Fixed that the debugger listens on any interface by\ndefault (bsc#1117625)\n\nCVE-2018-12121: Fixed a denial of Service with large HTTP headers\n(bsc#1117626)\n\nCVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n(bsc#1117627)\n\nCVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\nCVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript\nprotocol (bsc#1117629)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0734/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12122/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12123/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5407/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190395-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f969e13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-395=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-395=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-395=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-395=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-6.16.0-11.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-debuginfo-6.16.0-11.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-debugsource-6.16.0-11.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-devel-6.16.0-11.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm6-6.16.0-11.21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs6\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:49:10", "description": "This update for nodejs6 to version 6.16.0 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA\n signature generation (bsc#1113652)\n\n - CVE-2018-5407: Fixed a hyperthread port content side\n channel attack (aka 'PortSmash') (bsc#1113534)\n\n - CVE-2018-12120: Fixed that the debugger listens on any\n interface by default (bsc#1117625)\n\n - CVE-2018-12121: Fixed a denial of Service with large\n HTTP headers (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of\n Service (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting\n (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser\n for JavaScript protocol (bsc#1117629)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 15, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-25T00:00:00", "title": "openSUSE Security Update : nodejs6 
(openSUSE-2019-234)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2019-02-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs6-debugsource", "p-cpe:/a:novell:opensuse:nodejs6-devel", "p-cpe:/a:novell:opensuse:nodejs6-debuginfo", "p-cpe:/a:novell:opensuse:nodejs6", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:npm6"], "id": "OPENSUSE-2019-234.NASL", "href": "https://www.tenable.com/plugins/nessus/122418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-234.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122418);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n\n script_name(english:\"openSUSE Security Update : nodejs6 (openSUSE-2019-234)\");\n script_summary(english:\"Check for the openSUSE-2019-234 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs6 to version 6.16.0 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA\n signature generation (bsc#1113652)\n\n - CVE-2018-5407: Fixed a hyperthread port content side\n channel attack (aka 'PortSmash') (bsc#1113534)\n\n - CVE-2018-12120: Fixed that the debugger listens on any\n interface by default (bsc#1117625)\n\n - CVE-2018-12121: Fixed a 
denial of Service with large\n HTTP headers (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of\n Service (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting\n (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser\n for JavaScript protocol (bsc#1117629)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:nodejs6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-6.16.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"nodejs6-debuginfo-6.16.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-debugsource-6.16.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-devel-6.16.0-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"npm6-6.16.0-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs6 / nodejs6-debuginfo / nodejs6-debugsource / nodejs6-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:36:38", "description": "Node.js reports :\n\nUpdates are now available for all active Node.js release lines. These\ninclude fixes for the vulnerabilities identified in the initial\nannouncement. They also include upgrades of Node.js 6 and 8 to OpenSSL\n1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j.\n\nWe recommend that all Node.js users upgrade to a version listed below\nas soon as possible. Debugger port 5858 listens on any interface by\ndefault (CVE-2018-12120) All versions of Node.js 6 are vulnerable and\nthe severity is HIGH. When the debugger is enabled with node --debug\nor node debug, it listens to port 5858 on all interfaces by default.\nThis may allow remote computers to attach to the debug port and\nevaluate arbitrary JavaScript. The default interface is now localhost.\nIt has always been possible to start the debugger on a specific\ninterface, such as node --debug=localhost. The debugger was removed in\nNode.js 8 and replaced with the inspector, so no versions from 8 and\nlater are vulnerable. Denial of Service with large HTTP headers\n(CVE-2018-12121) All versions of 6 and later are vulnerable and the\nseverity is HIGH. 
By using a combination of many requests with maximum\nsized headers (almost 80 KB per connection), and carefully timed\ncompletion of the headers, it is possible to cause the HTTP server to\nabort from heap allocation failure. Attack potential is mitigated by\nthe use of a load balancer or other proxy layer.\n\nThe total size of HTTP headers received by Node.js now must not exceed\n8192 bytes. 'Slowloris' HTTP Denial of Service (CVE-2018-12122) All\nversions of Node.js 6 and later are vulnerable and the severity is\nLOW. An attacker can cause a Denial of Service (DoS) by sending\nheaders very slowly keeping HTTP or HTTPS connections and associated\nresources alive for a long period of time. Attack potential is\nmitigated by the use of a load balancer or other proxy layer.\n\nA timeout of 40 seconds now applies to servers receiving HTTP headers.\nThis value can be adjusted with server.headersTimeout. Where headers\nare not completely received within this period, the socket is\ndestroyed on the next received chunk. In conjunction with\nserver.setTimeout(), this aids in protecting against excessive\nresource retention and possible Denial of Service. Hostname spoofing\nin URL parser for JavaScript protocol (CVE-2018-12123) All versions of\nNode.js 6 and later are vulnerable and the severity is LOW. If a\nNode.js application is using url.parse() to determine the URL\nhostname, that hostname can be spoofed by using a mixed case\n'javascript:' (e.g. 'javAscript:') protocol (other protocols are not\naffected). If security decisions are made about the URL based on the\nhostname, they may be incorrect. HTTP request splitting\n(CVE-2018-12116) Node.js 6 and 8 are vulnerable and the severity is\nMEDIUM. If Node.js can be convinced to use unsanitized user-provided\nUnicode data for the path option of an HTTP request, then data can be\nprovided which will trigger a second, unexpected, and user-defined\nHTTP request to be made to the same server. 
OpenSSL Timing vulnerability\nin ECDSA signature generation (CVE-2018-0735) The OpenSSL ECDSA\nsignature algorithm has been shown to be vulnerable to a timing\nside-channel attack. An attacker could use variations in the signing\nalgorithm to recover the private key. OpenSSL Timing vulnerability in\nDSA signature generation (CVE-2018-0734) The OpenSSL DSA signature\nalgorithm has been shown to be vulnerable to a timing side-channel\nattack. An attacker could use variations in the signing algorithm to\nrecover the private key. OpenSSL Microarchitecture timing\nvulnerability in ECC scalar multiplication (CVE-2018-5407) OpenSSL ECC\nscalar multiplication, used in e.g. ECDSA and ECDH, has been shown to\nbe vulnerable to a microarchitecture timing side-channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.", "edition": 26, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-10T00:00:00", "title": "FreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-0735", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:node8", "p-cpe:/a:freebsd:freebsd:node6", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:node10", "p-cpe:/a:freebsd:freebsd:node"], "id": "FREEBSD_PKG_2A86F45AFC3C11E8A41400155D006B02.NASL", "href": "https://www.tenable.com/plugins/nessus/119511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) 
with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119511);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-12116\", \"CVE-2018-12120\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\", \"CVE-2018-5407\");\n\n script_name(english:\"FreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The 
remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Node.js reports :\n\nUpdates are now available for all active Node.js release lines. These\ninclude fixes for the vulnerabilities identified in the initial\nannouncement. They also include upgrades of Node.js 6 and 8 to OpenSSL\n1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j.\n\nWe recommend that all Node.js users upgrade to a version listed below\nas soon as possible. Debugger port 5858 listens on any interface by\ndefault (CVE-2018-12120) All versions of Node.js 6 are vulnerable and\nthe severity is HIGH. When the debugger is enabled with node --debug\nor node debug, it listens to port 5858 on all interfaces by default.\nThis may allow remote computers to attach to the debug port and\nevaluate arbitrary JavaScript. The default interface is now localhost.\nIt has always been possible to start the debugger on a specific\ninterface, such as node --debug=localhost. The debugger was removed in\nNode.js 8 and replaced with the inspector, so no versions from 8 and\nlater are vulnerable. Denial of Service with large HTTP headers\n(CVE-2018-12121) All versions of 6 and later are vulnerable and the\nseverity is HIGH. By using a combination of many requests with maximum\nsized headers (almost 80 KB per connection), and carefully timed\ncompletion of the headers, it is possible to cause the HTTP server to\nabort from heap allocation failure. Attack potential is mitigated by\nthe use of a load balancer or other proxy layer.\n\nThe total size of HTTP headers received by Node.js now must not exceed\n8192 bytes. 'Slowloris' HTTP Denial of Service (CVE-2018-12122) All\nversions of Node.js 6 and later are vulnerable and the severity is\nLOW. An attacker can cause a Denial of Service (DoS) by sending\nheaders very slowly keeping HTTP or HTTPS connections and associated\nresources alive for a long period of time. 
Attack potential is\nmitigated by the use of a load balancer or other proxy layer.\n\nA timeout of 40 seconds now applies to servers receiving HTTP headers.\nThis value can be adjusted with server.headersTimeout. Where headers\nare not completely received within this period, the socket is\ndestroyed on the next received chunk. In conjunction with\nserver.setTimeout(), this aids in protecting against excessive\nresource retention and possible Denial of Service. Hostname spoofing\nin URL parser for JavaScript protocol (CVE-2018-12123) All versions of\nNode.js 6 and later are vulnerable and the severity is LOW. If a\nNode.js application is using url.parse() to determine the URL\nhostname, that hostname can be spoofed by using a mixed case\n'javascript:' (e.g. 'javAscript:') protocol (other protocols are not\naffected). If security decisions are made about the URL based on the\nhostname, they may be incorrect. HTTP request splitting\n(CVE-2018-12116) Node.js 6 and 8 are vulnerable and the severity is\nMEDIUM. If Node.js can be convinced to use unsanitized user-provided\nUnicode data for the path option of an HTTP request, then data can be\nprovided which will trigger a second, unexpected, and user-defined\nHTTP request to made to the same server. OpenSSL Timing vulnerability\nin ECDSA signature generation (CVE-2018-0735) The OpenSSL ECDSA\nsignature algorithm has been shown to be vulnerable to a timing\nside-channel attack. An attacker could use variations in the signing\nalgorithm to recover the private key. OpenSSL Timing vulnerability in\nDSA signature generation (CVE-2018-0734) The OpenSSL DSA signature\nalgorithm has been shown to be vulnerable to a timing side-channel\nattack. An attacker could use variations in the signing algorithm to\nrecover the private key. OpenSSL Microarchitecture timing\nvulnerability in ECC scalar multiplication (CVE-2018-5407) OpenSSL ECC\nscalar multiplication, used in e.g. 
ECDSA and ECDH, has been shown to\nbe vulnerable to a microarchitecture timing side-channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\"\n );\n # https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdc3667d\"\n );\n # https://vuxml.freebsd.org/freebsd/2a86f45a-fc3c-11e8-a414-00155d006b02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?721f1cad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"node6<6.15.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node8<8.14.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node10<10.14.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node<11.3.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-05T12:02:26", "description": "The version of Node.js installed on the remote host is 6.x prior to 6.15.0, 8.x prior to 8.14.0 or 10.x prior to\n10.14.0 or 11.x prior to 11.3.0. 
It is, therefore, affected by multiple vulnerabilities.\n\n - OpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734).\n\n - OpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735).\n\n - OpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407).\n\n - Debugger port 5858 listens on any interface by default (CVE-2018-12120).\n\n - Denial of Service with large HTTP headers (CVE-2018-12121).\n\n - Slowloris HTTP Denial of Service (CVE-2018-12122).\n\n - Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123).\n\n - HTTP request splitting (CVE-2018-12116).\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 22, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-28T00:00:00", "title": "Node.js Multiple Vulnerabilities (November 2018 Security Releases)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-0735", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2018-12-28T00:00:00", "cpe": ["cpe:/a:nodejs:node.js"], "id": "NODEJS_2018_NOV.NASL", "href": "https://www.tenable.com/plugins/nessus/119938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119938);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/04\");\n\n script_cve_id(\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-5407\",\n \"CVE-2018-12116\",\n \"CVE-2018-12120\",\n \"CVE-2018-12121\",\n \"CVE-2018-12122\",\n \"CVE-2018-12123\"\n );\n script_bugtraq_id(\n 105750,\n 105758,\n 105897,\n 106040,\n 106043\n );\n\n script_name(english:\"Node.js Multiple Vulnerabilities (November 2018 Security Releases)\");\n script_summary(english:\"Checks the Node.js 
version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Node.js - JavaScript run-time environment is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Node.js installed on the remote host is 6.x prior to 6.15.0, 8.x prior to 8.14.0 or 10.x prior to\n10.14.0 or 11.x prior to 11.3.0. It is, therefore, affected by multiple vulnerabilities.\n\n - OpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734).\n\n - OpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735).\n\n - OpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407).\n\n - Debugger port 5858 listens on any interface by default CVE-2018-12120).\n\n - Denial of Service with large HTTP headers (CVE-2018-12121).\n\n - Slowloris HTTP Denial of Service (CVE-2018-12122).\n\n - Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123).\n\n - HTTP request splitting (CVE-2018-12116).\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fdc3667d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Node.js to 6.15 / 8.14.0 / 10.14.0 / 11.3.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12120\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nodejs:node.js\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nodejs_win_installed.nbin\", \"macosx_nodejs_installed.nbin\");\n script_require_keys(\"installed_sw/Node.js\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nwin_local = FALSE;\nif (get_kb_item('SMB/Registry/Enumerated')) win_local = TRUE;\n\napp_info = vcf::get_app_info(app:'Node.js', win_local:win_local);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '6.0.0', 'fixed_version' : '6.15.0' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.14.0' },\n { 'min_version' : '10.0.0', 'fixed_version' : '10.14.0' },\n { 'min_version' : '11.0.0', 'fixed_version' : '11.3.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T18:48:55", "description": "This update for nodejs8 to version 8.15.0 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12121: Fixed a Denial of Service with large HTTP headers\n(bsc#1117626)\n\nCVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n(bsc#1117627)\n\nCVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\nCVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript\nprotocol 
(bsc#1117629)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 9, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-01-22T00:00:00", "title": "SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0118-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2019-01-22T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:nodejs8-devel", "p-cpe:/a:novell:suse_linux:nodejs8", "p-cpe:/a:novell:suse_linux:nodejs8-debugsource", "p-cpe:/a:novell:suse_linux:nodejs8-debuginfo", "p-cpe:/a:novell:suse_linux:npm8"], "id": "SUSE_SU-2019-0118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0118-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121293);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-12116\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\");\n\n script_name(english:\"SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0118-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs8 to version 8.15.0 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12121: Fixed a Denial of Service with large 
HTTP headers\n(bsc#1117626)\n\nCVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n(bsc#1117627)\n\nCVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n\nCVE-2018-12123: Fixed hostname spoofing in URL parser for JavaScript\nprotocol (bsc#1117629)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12122/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12123/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190118-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?150c7b00\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Web Scripting 15:zypper in -t 
patch\nSUSE-SLE-Module-Web-Scripting-15-2019-118=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-8.15.0-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-debuginfo-8.15.0-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-debugsource-8.15.0-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"nodejs8-devel-8.15.0-3.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"npm8-8.15.0-3.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs8\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:54:25", "description": "This update for nodejs8 to version 8.15.0 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-12121: Fixed a Denial of Service with large\n HTTP headers (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of\n Service (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting\n (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser\n for JavaScript protocol (bsc#1117629)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 11, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-01-29T00:00:00", "title": "openSUSE Security Update : nodejs8 (openSUSE-2019-89)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "modified": "2019-01-29T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:npm8", "p-cpe:/a:novell:opensuse:nodejs8", 
"p-cpe:/a:novell:opensuse:nodejs8-debuginfo", "p-cpe:/a:novell:opensuse:nodejs8-debugsource", "p-cpe:/a:novell:opensuse:nodejs8-devel"], "id": "OPENSUSE-2019-89.NASL", "href": "https://www.tenable.com/plugins/nessus/121428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-89.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121428);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12116\", \"CVE-2018-12121\", \"CVE-2018-12122\", \"CVE-2018-12123\");\n\n script_name(english:\"openSUSE Security Update : nodejs8 (openSUSE-2019-89)\");\n script_summary(english:\"Check for the openSUSE-2019-89 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs8 to version 8.15.0 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-12121: Fixed a Denial of Service with large\n HTTP headers (bsc#1117626)\n\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of\n Service (bsc#1117627)\n\n - CVE-2018-12116: Fixed HTTP request splitting\n (bsc#1117630)\n\n - CVE-2018-12123: Fixed hostname spoofing in URL parser\n for JavaScript protocol (bsc#1117629)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs8 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nodejs8-8.15.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nodejs8-debuginfo-8.15.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nodejs8-debugsource-8.15.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"nodejs8-devel-8.15.0-lp150.2.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"npm8-8.15.0-lp150.2.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs8 / nodejs8-debuginfo / nodejs8-debugsource / nodejs8-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T01:08:08", "description": "An update of the nodejs package has been released.", "edition": 14, "cvss3": {"score": 7.5, 
"vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-12-31T00:00:00", "title": "Photon OS 1.0: Nodejs PHSA-2019-1.0-0257", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12122", "CVE-2018-12121", "CVE-2019-5737", "CVE-2018-12116"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:nodejs", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0257_NODEJS.NASL", "href": "https://www.tenable.com/plugins/nessus/132525", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0257. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132525);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\n \"CVE-2018-12116\",\n \"CVE-2018-12121\",\n \"CVE-2018-12122\",\n \"CVE-2019-5737\"\n );\n script_bugtraq_id(106043, 107513);\n\n script_name(english:\"Photon OS 1.0: Nodejs PHSA-2019-1.0-0257\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the nodejs package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-257.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12116\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"nodejs-8.11.4-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"nodejs-debuginfo-8.11.4-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"nodejs-devel-8.11.4-3.ph1\")) flag++;\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T22:41:35", "description": "An update of the nodejs package has been released.", "edition": 1, "cvss3": {"score": 4.3, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}, "published": "2020-02-26T00:00:00", "title": "Photon OS 2.0: Nodejs PHSA-2020-2.0-0210", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12123", "CVE-2018-0734"], "modified": "2020-02-26T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:nodejs"], "id": "PHOTONOS_PHSA-2020-2_0-0210_NODEJS.NASL", "href": "https://www.tenable.com/plugins/nessus/134085", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0210. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134085);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/02\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-12123\");\n script_bugtraq_id(105758, 107512);\n\n script_name(english:\"Photon OS 2.0: Nodejs PHSA-2020-2.0-0210\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the nodejs package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-210.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright 
(C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"nodejs-8.17.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"nodejs-debuginfo-8.17.0-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"nodejs-devel-8.17.0-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-14T06:16:28", "description": "This update for openssl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n(bsc#1113652).\n\nCVE-2018-5407: Fixed elliptic curve scalar multiplication timing\nattack defenses (bsc#1113534).\n\nAdd missing timing side channel 
patch for DSA signature generation\n(bsc#1113742).\n\nNon-security issues fixed: Fixed infinite loop in DSA generation with\nincorrect parameters (bsc#1112209).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-11-23T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:3866-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "modified": "2018-11-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssl-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac", "p-cpe:/a:novell:suse_linux:libopenssl-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_0_0", "p-cpe:/a:novell:suse_linux:openssl-debugsource"], "id": "SUSE_SU-2018-3866-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119117", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3866-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119117);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-5407\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:3866-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for openssl fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n(bsc#1113652).\n\nCVE-2018-5407: Fixed elliptic curve scalar multiplication timing\nattack defenses (bsc#1113534).\n\nAdd missing timing side channel patch for DSA signature generation\n(bsc#1113742).\n\nNon-security issues fixed: Fixed infinite loop in DSA generation with\nincorrect parameters (bsc#1112209).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0734/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5407/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183866-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?272b53d7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t 
patch\nSUSE-OpenStack-Cloud-7-2018-2760=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2760=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2760=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2760=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2760=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-2760=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2760=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2760=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. 
It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2760=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_0_0-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl-devel-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debuginfo-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"openssl-debugsource-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl-devel-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-1.0.2j-60.46.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debuginfo-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"openssl-debugsource-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl-devel-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debuginfo-1.0.2j-60.46.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"openssl-debugsource-1.0.2j-60.46.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2019-01-28T00:05:09", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "This update for nodejs4 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature\n generation (bsc#1113652)\n - CVE-2018-5407: Fixed a hyperthread port content side channel 
attack (aka\n "PortSmash") (bsc#1113534)\n - CVE-2018-12120: Fixed that the debugger listens on any interface by\n default (bsc#1117625)\n - CVE-2018-12121: Fixed a denial of Service with large HTTP headers\n (bsc#1117626)\n - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service\n (bsc#1117627)\n - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript\n protocol (bsc#1117629)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2019-01-25T21:12:46", "published": "2019-01-25T21:12:46", "id": "OPENSUSE-SU-2019:0088-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00035.html", "title": "Security update for nodejs4 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-22T17:12:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "This update for nodejs6 to version 6.16.0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature\n generation (bsc#1113652)\n - CVE-2018-5407: Fixed a hyperthread port contention side channel attack (aka\n "PortSmash") (bsc#1113534)\n - CVE-2018-12120: Fixed that the debugger listens on any interface by\n default (bsc#1117625)\n - CVE-2018-12121: Fixed a denial of Service with large HTTP headers\n (bsc#1117626)\n - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service\n (bsc#1117627)\n - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript\n protocol (bsc#1117629)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2019-02-22T15:09:11", "published": 
"2019-02-22T15:09:11", "id": "OPENSUSE-SU-2019:0234-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00052.html", "title": "Security update for nodejs6 (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-28T18:05:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12123", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "This update for nodejs8 to version 8.15.0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers\n (bsc#1117626)\n - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service\n (bsc#1117627)\n - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript\n protocol (bsc#1117629)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-01-28T15:12:18", "published": "2019-01-28T15:12:18", "id": "OPENSUSE-SU-2019:0089-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00039.html", "title": "Security update for nodejs8 (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-08T17:30:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This update for openssl-1_0_0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack\n defenses that fixes "PortSmash" (bsc#1113534).\n\n Non-security issues fixed:\n\n - Added missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n - Set TLS version to 0 in msg_callback for record messages to avoid\n confusing applications 
(bsc#1100078).\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-08T15:08:25", "published": "2018-12-08T15:08:25", "id": "OPENSUSE-SU-2018:4050-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00018.html", "title": "Security update for openssl-1_0_0 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-24T21:04:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This update for openssl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n - Add missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n\n Non-security issues fixed:\n\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2018-11-24T18:18:01", "published": "2018-11-24T18:18:01", "id": "OPENSUSE-SU-2018:3903-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00046.html", "title": "Security update for openssl (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-13T05:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2016-8610"], "description": "This update for compat-openssl098 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n - CVE-2016-8610: Adjusted current fix and add missing error string\n 
(bsc#1110018).\n - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-12-13T03:13:21", "published": "2018-12-13T03:13:21", "id": "OPENSUSE-SU-2018:4104-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00026.html", "title": "Security update for compat-openssl098 (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-0735", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "\nNode.js reports:\n\nUpdates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j.\nWe recommend that all Node.js users upgrade to a version listed below as soon as possible.\nDebugger port 5858 listens on any interface by default (CVE-2018-12120)\nAll versions of Node.js 6 are vulnerable and the severity is HIGH. When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as node --debug=localhost. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.\nDenial of Service with large HTTP headers (CVE-2018-12121)\nAll versions of 6 and later are vulnerable and the severity is HIGH. 
By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\nThe total size of HTTP headers received by Node.js now must not exceed 8192 bytes.\n\"Slowloris\" HTTP Denial of Service (CVE-2018-12122)\nAll versions of Node.js 6 and later are vulnerable and the severity is LOW. An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer.\nA timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service.\nHostname spoofing in URL parser for javascript protocol (CVE-2018-12123)\nAll versions of Node.js 6 and later are vulnerable and the severity is LOW. If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.\nHTTP request splitting (CVE-2018-12116)\nNode.js 6 and 8 are vulnerable and the severity is MEDIUM. 
If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.\nOpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735)\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key.\nOpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734)\nThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key.\nOpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side-channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.\n\n", "edition": 5, "modified": "2018-11-27T00:00:00", "published": "2018-11-27T00:00:00", "id": "2A86F45A-FC3C-11E8-A414-00155D006B02", "href": "https://vuxml.freebsd.org/freebsd/2a86f45a-fc3c-11e8-a414-00155d006b02.html", "title": "node.js -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:25:33", "description": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. 
It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.", "edition": 7, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-28T17:29:00", "title": "CVE-2018-12120", "type": "cve", "cwe": ["CWE-829"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12120"], "modified": "2019-10-09T23:33:00", "cpe": ["cpe:/a:nodejs:node.js:6.15.0"], "id": "CVE-2018-12120", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12120", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nodejs:node.js:6.15.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:33", "description": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap 
allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-28T17:29:00", "title": "CVE-2018-12121", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12121"], "modified": "2020-03-20T21:15:00", "cpe": ["cpe:/a:nodejs:node.js:8.14.0", "cpe:/a:joyent:node.js:11.3.0", "cpe:/a:nodejs:node.js:6.15.0", "cpe:/a:nodejs:node.js:10.14.0"], "id": "CVE-2018-12121", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12121", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:joyent:node.js:11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:33", "description": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that 
hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2018-11-28T17:29:00", "title": "CVE-2018-12123", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12123"], "modified": "2020-03-20T21:15:00", "cpe": ["cpe:/a:nodejs:node.js:11.3.0", "cpe:/a:nodejs:node.js:8.14.0", "cpe:/a:nodejs:node.js:6.15.0", "cpe:/a:nodejs:node.js:10.14.0"], "id": "CVE-2018-12123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12123", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:nodejs:node.js:11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:33", "description": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP 
Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-28T17:29:00", "title": "CVE-2018-12122", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12122"], "modified": "2020-03-20T21:15:00", "cpe": ["cpe:/o:suse:suse_linux_enterprise_server:12", "cpe:/a:suse:suse_enterprise_storage:4", "cpe:/a:nodejs:node.js:8.14.0", "cpe:/a:joyent:node.js:11.3.0", "cpe:/a:nodejs:node.js:6.15.0", "cpe:/a:nodejs:node.js:10.14.0", "cpe:/o:suse:suse_openstack_cloud:8", "cpe:/o:suse:suse_linux_enterprise_server:15", "cpe:/o:suse:suse_openstack_cloud:7"], "id": "CVE-2018-12122", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12122", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_openstack_cloud:7:*:*:*:*:*:*:*", 
"cpe:2.3:a:suse:suse_enterprise_storage:4:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:*", "cpe:2.3:a:joyent:node.js:11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:33", "description": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-11-28T17:29:00", "title": "CVE-2018-12116", "type": "cve", "cwe": ["CWE-444"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12116"], "modified": "2020-03-20T21:15:00", "cpe": ["cpe:/o:suse:suse_linux_enterprise_server:12", "cpe:/a:suse:suse_enterprise_storage:4", "cpe:/a:nodejs:node.js:8.14.0", 
"cpe:/a:joyent:node.js:11.3.0", "cpe:/a:nodejs:node.js:6.15.0", "cpe:/a:nodejs:node.js:10.14.0", "cpe:/o:suse:suse_openstack_cloud:8", "cpe:/o:suse:suse_linux_enterprise_server:15", "cpe:/o:suse:suse_openstack_cloud:7"], "id": "CVE-2018-12116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12116", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_openstack_cloud:7:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_enterprise_storage:4:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:*", "cpe:2.3:a:joyent:node.js:11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:44", "description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "edition": 22, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-11-15T21:29:00", "title": "CVE-2018-5407", "type": "cve", "cwe": ["CWE-203"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": 
"AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5407"], "modified": "2020-09-18T16:58:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:application_server:1.0.1", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2", "cpe:/a:oracle:mysql_enterprise_backup:4.1.2", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/o:redhat:enterprise_linux_server:7.6", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:oracle:mysql_enterprise_backup:3.12.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12", "cpe:/a:oracle:application_server:0.9.8", "cpe:/a:oracle:application_server:1.0.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1", "cpe:/o:canonical:ubuntu_linux:14.04", 
"cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-5407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5407", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:29", "description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "edition": 18, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-30T12:29:00", "title": "CVE-2018-0734", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:primavera_p6_professional_project_management:17.12", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:e-business_suite_technology_stack:1.0.1", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:primavera_p6_professional_project_management:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:primavera_p6_professional_project_management:18.8", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:openssl:openssl:1.0.2p", "cpe:/a:oracle:e-business_suite_technology_stack:0.9.8", "cpe:/o:netapp:cn1610_firmware:-", "cpe:/a:oracle:primavera_p6_professional_project_management:15.2", "cpe:/a:oracle:mysql_enterprise_backup:4.1.2", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/a:netapp:cloud_backup:-", "cpe:/a:openssl:openssl:1.1.1", "cpe:/a:nodejs:node.js:8.14.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:nodejs:node.js:6.15.1", "cpe:/a:nodejs:node.js:10.14.1", "cpe:/a:netapp:steelstore:-", "cpe:/a:nodejs:node.js:11.4.0", "cpe:/a:oracle:primavera_p6_professional_project_management:16.2", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:netapp:storage_automation_store:-", "cpe:/a:oracle:primavera_p6_professional_project_management:15.1", "cpe:/a:openssl:openssl:1.1.0i", "cpe:/a:oracle:mysql_enterprise_backup:3.12.3", "cpe:/a:oracle:primavera_p6_professional_project_management:8.4", "cpe:/a:oracle:e-business_suite_technology_stack:1.0.0", "cpe:/a:netapp:santricity_smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], 
"id": "CVE-2018-0734", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0734", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.1:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.1:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0i:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "attackerkb": [{"lastseen": "2020-11-18T06:47:30", "bulletinFamily": "info", "cvelist": ["CVE-2018-12122"], "description": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.\n\n \n**Recent assessments:** \n \n**SherlockSec** at March 09, 2020 9:11pm UTC reported:\n\nThis is a Denial of Service CVE, but with a twist. Normally, denial of service attacks consist of flooding a server with enough traffic so that it ceases to operate. This CVE is different, as it is a Slowloris DoS. Slowloris DoS attacks hang a server by opening as many threads as possible before waiting the max amount of time that they can before sending data. When they finally send data, they send as small of an amount of data as the server will allow. This keeps all the threads open for as long as possible, meaning no new connections can be opened, thus causing a denial of service. 
For a more detailed explanation of a Slowloris attack, please see the following video: <https://www.youtube.com/watch?v=XiFkyR35v2Y> .\n\nThis particular CVE affects all versions of Node.JS prior to 6.15.0, 8.14.0, 10.14.0 and 11.3.0. Node patched this by applying a 40-second timeout to servers receiving HTTP headers; the timeout can be customized. As a patch has been released, please patch accordingly.\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3\n", "modified": "2020-07-23T00:00:00", "published": "2018-11-28T00:00:00", "id": "AKB:582044CE-2F01-4946-827F-905B6E3AA2FF", "href": "https://attackerkb.com/topics/uxTqJbOByi/cve-2018-12122", "type": "attackerkb", "title": "CVE-2018-12122", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:39:32", "bulletinFamily": "software", "cvelist": ["CVE-2018-12120"], "description": "\nF5 Product Development has assigned ID 726327 (BIG-IP) and ID 752882 (BIG-IQ) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H37111863 on the **Diagnostics** > **Identified** > **High** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | High | [7.7](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L>) | iRulesLX use with the NodeJS2 \n14.x | 14.0.0 - 14.1.0 | 14.1.0.6 \n13.x | 13.1.0 - 13.1.1 | 13.1.1.5 \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | 6.1.0 | High | [7.7](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L>) | iRulesLX use with the NodeJS2 \n5.x | 5.2.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2The BIG-IP component contains the affected code, but will not be active in a default or standard configuration unless iRulesLX is provisioned. The configuration to exploit this vulnerability requires that a BIG-IP system is running NodeJS v6.x and the extension configurations include **-debug**.\n\n**Note**: By default, the BIG-IP system does not listen on port 5858; the port is chosen from a range of high ports.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Permit management access to F5 products only over a secure network, and limit shell access to only trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 14.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n * Lock down management port access and configure the self IP port lockdown feature to disallow unneeded ports on all self IP addresses. For more information, refer to [K13250: Overview of port lockdown behavior (10.x - 11.x)](<https://support.f5.com/csp/article/K13250>) or [K17333: Overview of port lockdown behavior (12.x - 14.x)](<https://support.f5.com/csp/article/K17333>).\n * F5 recommends that you use the node debugger capabilities on a non-production BIG-IP system.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15113: BIG-IQ hotfix and point release matrix](<https://support.f5.com/csp/article/K15113>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: 
Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-07-02T17:55:00", "published": "2018-12-15T02:04:00", "id": "F5:K37111863", "href": "https://support.f5.com/csp/article/K37111863", "title": "NodeJS vulnerability CVE-2018-12120", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-06T22:40:06", "bulletinFamily": "software", "cvelist": ["CVE-2018-5407"], "description": "\nF5 Product Development has assigned IDs 751143 and 751152 (BIG-IP), ID 751143-7 (BIG-IQ Centralized Management), ID 751143-8 (F5 iWorkflow), ID 751143-9 (Enterprise Manager), and CPF-25013 and CPF-25014 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm (LTM SSL profiles, iApps LX, iRules LX, big3d, Configuration utility), CPU \n14.x | 14.0.0 - 14.1.2 | 14.1.2.1 \n13.x | 13.0.0 - 13.1.3 | None \n12.x | 12.1.0 - 12.1.5 | None \n11.x | 11.2.1 - 11.6.5 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [4.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nVulnerable platforms\n\nBIG-IP\n\n * Virtual Edition\n\nThe following platforms when vCMP guests are deployed:\n\n * VIPRION B2100\n * VIPRION B2150\n * VIPRION B2250\n * VIPRION B4200\n * VIPRION B4300 blade in the 4400(J100) 4-slot chassis\n * VIPRION B4300 blade in the 4480(J102) 
4-slot chassis\n * VIPRION B4300 blade in the 4800(S100) 8-slot chassis\n * VIPRION B4450 blade in the 4480(J102) 4-slot chassis\n * VIPRION B4450 blade in the 4800(S100) 8-slot chassis\n * BIG-IP 5200v\n * BIG-IP 5250v\n * BIG-IP 7200v\n * BIG-IP 7250v\n * BIG-IP 7255v\n * BIG-IP 10200v\n * BIG-IP 10250v\n * BIG-IP 10350v\n * BIG-IP 12250v\n * BIG-IP i5800\n * BIG-IP i5820-DF (FIPS)\n * BIG-IP i7800\n * BIG-IP i7820-DF (FIPS)\n * BIG-IP i10800\n * BIG-IP i11400-DS, i11600-DS, i11800-DS\n * BIG-IP i11800\n * BIG-IP i15800\n\nBIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix\n\n * Virtual Edition/Virtual Platform\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate the vulnerability in multi-tenancy BIG-IP Virtual Clustered Multiprocessing (vCMP) configurations, ensure that all guests are set to at least two **Cores Per Guest**. 
Similarly, VE systems can be protected if the hypervisor ensures that potentially hostile co-guests cannot be scheduled on the same physical CPU.\n\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-09-24T18:21:00", "published": "2018-11-30T03:19:00", "id": "F5:K49711130", "href": "https://support.f5.com/csp/article/K49711130", "title": "OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407", "type": "f5", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:46", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "\nF5 Product Development has assigned CPF-25030 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x2 | None | Not applicable | Not vulnerable | None | None \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N>) | OpenSSL \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2 BIG-IP 14.1.0 contains the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker would need to be logged in to the affected system with a local administrator account to exploit it.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-12-15T03:22:00", "published": "2018-12-15T03:22:00", "id": "F5:K43741620", "href": "https://support.f5.com/csp/article/K43741620", "title": "OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T22:39:45", "bulletinFamily": "software", "cvelist": ["CVE-2018-12120", "CVE-2019-6644"], "description": "\nF5 Product Development has assigned ID 754103 (BIG-IP) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | Not applicable | High | [7.7](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L>) | iRulesLX \n14.x | 14.1.0 \n14.0.0 | 14.1.0.6 \n14.0.0.5 \n13.x | 13.0.0 - 13.1.2 | 13.1.3 \n12.x | 12.1.3 - 12.1.4 | 12.1.4.1 \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nF5 will not develop a fix for vulnerable products that do not already have a fixed version listed in this article, and will not update this table with subsequent vulnerable releases in the associated branches. F5 recommends that you update to more recent, non-vulnerable versions whenever feasible. For more information, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Permit management access to F5 products only over a secure network, and limit shell access to only trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 15.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n * Lock down management port access and configure the self IP port lockdown feature to disallow unneeded ports on all self IP addresses. For more information, refer to [K13250: Overview of port lockdown behavior (10.x - 11.x)](<https://support.f5.com/csp/article/K13250>) or [K17333: Overview of port lockdown behavior (12.x - 15.x)](<https://support.f5.com/csp/article/K17333>). **Note**: The default self IP port-lockdown settings block the affected connections on self IP addresses. 
You must explicitly enable **Allow-All** or have the port on the **Allow** list in order to expose the vulnerability.\n * F5 recommends that you use the node debugger capabilities on a non-production BIG-IP system.\n\n * [K37111863: NodeJS vulnerability CVE-2018-12120](<https://support.f5.com/csp/article/K37111863>)\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-09-27T00:28:00", "published": "2019-08-08T22:53:00", "id": "F5:K75532331", "href": "https://support.f5.com/csp/article/K75532331", "title": "iRulesLX debug NodeJS vulnerability CVE-2019-6644", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12116", "CVE-2018-12121", "CVE-2018-12122", "CVE-2018-12123", "CVE-2018-20834", "CVE-2019-5737"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.0). 
(BZ#1665986, BZ#1710734)\n\nSecurity Fix(es):\n\n* nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link (CVE-2018-20834)\n\n* nodejs: HTTP request splitting (CVE-2018-12116)\n\n* nodejs: Denial of Service with large HTTP headers (CVE-2018-12121)\n\n* nodejs: Slowloris HTTP Denial of Service (CVE-2018-12122)\n\n* nodejs: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)\n\n* nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass (CVE-2019-5737)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-07-22T17:29:05", "published": "2019-07-22T17:09:06", "id": "RHSA-2019:1821", "href": "https://access.redhat.com/errata/RHSA-2019:1821", "type": "redhat", "title": "(RHSA-2019:1821) Important: rh-nodejs8-nodejs security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-05-26T07:50:25", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12121", "CVE-2018-12122", "CVE-2018-12123", "CVE-2019-5737", "CVE-2019-9511", "CVE-2019-9512", "CVE-2019-9513", "CVE-2019-9514", "CVE-2019-9515", "CVE-2019-9516", "CVE-2019-9517", "CVE-2019-9518"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3).\n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames 
results in unbounded memory growth (CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-05-26T11:25:16", "published": "2019-10-01T03:10:11", "id": "RHSA-2019:2939", "href": "https://access.redhat.com/errata/RHSA-2019:2939", "type": "redhat", "title": "(RHSA-2019:2939) Important: rh-nodejs10-nodejs security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-11-08T17:05:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12121"], "description": "The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. 
Depending on your architecture, it only requires about 40 bytes of data per message stream.\n\nSecurity Fix(es):\n\n* nodejs: Denial of Service with large HTTP headers (CVE-2018-12121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2019-11-06T00:48:17", "published": "2019-11-05T22:52:33", "id": "RHSA-2019:3497", "href": "https://access.redhat.com/errata/RHSA-2019:3497", "type": "redhat", "title": "(RHSA-2019:3497) Moderate: http-parser security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "hackerone": [{"lastseen": "2020-02-14T00:38:34", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2018-12122"], "description": "**Summary:** Fix for CVE-2018-12122 can be bypassed via keep-alive requests\n\n**Description:**\n\nI'm not a security expert, nor am I familiar with Node.js core, so please forgive me if this report is inaccurate (and in that case, sorry for your time).\n\nWhile investigating the issue [#515](https://github.com/nodejs/node/issues/24760) I checked out the fix for CVE-2018-12122 in node 8.14.0 and - according to my tests - the fix can be bypassed using a keep-alive connection.\n\nThe core of the fix is to introduce `headersTimeout`, which is a timeout that destroys the socket if all headers are not received within that timeout. 
As far as I can see from [this changeset](https://github.com/nodejs/node/commit/696f063c5e), the `parser.parsingHeadersStart` timestamp is set on `connectionListenerInternal()`, reset to zero once the full request headers are received (this is used as a short circuit in `onParserExecute()`), but it's never set again to a timestamp once a subsequent request on the same keep-alive connection is received.\n\n## Steps To Reproduce\n\n1. Run an HTTP server and lower `headersTimeout` to 10s for simplicity (faster to test)\n\n```\nconst http = require(\"http\");\n\nconst server = http.createServer((req, res) => {\n res.writeHead(200);\n res.end();\n});\n\nserver.headersTimeout = 10000;\nserver.keepAliveTimeout = 60000;\n\nserver.listen(4050);\n```\n\n2. Connect with `telnet localhost 4050`\n\n3. Send the first request, typing...\n\n```\nGET / HTTP/1.1\nConnection: keep-alive\n\n```\n\n4. Then, once the server response is received, send only the first line of the subsequent request on the same connection:\n\n```\nGET / HTTP/1.1\n```\n\n5. Wait longer than the headersTimeout and send a second header\n\n```\nHost: localhost\n```\n\n6. Wait more time, if you want, send further headers, and finally a newline to signal the end of the request headers. 
The server will **not** destroy the socket / close the connection after 10s (or whatever `headersTimeout` is set to), but will successfully reply.\n\n## Impact\n\nTo my understanding, it has the same impact of `CVE-2018-12122`, but I may also be terribly wrong.\n\n## Supporting Material/References:\n\nN/A\n\n## Impact\n\nIt may DoS a Node.js application.", "modified": "2020-02-13T23:57:13", "published": "2018-12-01T10:03:22", "id": "H1:453513", "href": "https://hackerone.com/reports/453513", "type": "hackerone", "title": "Node.js: Fix for CVE-2018-12122 can be bypassed via keep-alive requests", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "symantec": [{"lastseen": "2020-01-06T12:24:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734"], "description": "### Description\n\nOpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.\n\n### Technologies Affected\n\n * Bluecoat BCAAA 6.1 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM DataPower Gateway 2018.4.1.0 \n * IBM DataPower Gateway 2018.4.1.2 \n * IBM DataPower Gateway 2018.4.1.5 \n * IBM DataPower Gateway 2018.4.1.6 \n * IBM DataPower Gateway 2018.4.1.8 \n * IBM DataPower Gateway 7.6.0.0 \n * IBM DataPower Gateway 7.6.0.10 \n * IBM DataPower Gateway 7.6.0.11 \n * IBM DataPower Gateway 7.6.0.12 \n * IBM DataPower Gateway 7.6.0.14 \n * IBM DataPower Gateway 7.6.0.15 \n * IBM DataPower Gateway 7.6.0.17 \n * IBM DataPower Gateway 7.6.0.3 \n * IBM DataPower Gateway 7.6.0.8 \n * IBM DataPower Gateway 7.6.0.9 \n * IBM DataPower Gateways 7.6.0.0 \n * IBM DataPower Gateways 7.6.0.1 \n * IBM DataPower Gateways 7.6.0.5 \n * IBM DataPower Gateways 7.6.0.6 \n * IBM DataPower Gateways 7.6.0.8 \n * IBM Vios 2.2.0 \n * IBM Vios 2.2.0.10 \n * IBM Vios 2.2.0.11 \n * IBM Vios 2.2.0.12 \n * IBM Vios 2.2.0.13 \n * IBM Vios 2.2.1.0 \n * IBM Vios 2.2.1.1 \n * IBM 
Vios 2.2.1.3 \n * IBM Vios 2.2.1.4 \n * IBM Vios 2.2.1.8 \n * IBM Vios 2.2.1.9 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.4 \n * IBM Vios 2.2.2.5 \n * IBM Vios 2.2.2.6 \n * IBM Vios 2.2.3 \n * IBM Vios 2.2.3.0 \n * IBM Vios 2.2.3.2 \n * IBM Vios 2.2.3.3 \n * IBM Vios 2.2.3.4 \n * IBM Vios 2.2.3.50 \n * IBM Vios 2.2.4.0 \n * OpenSSL Project OpenSSL 1.0.2 \n * OpenSSL Project OpenSSL 1.0.2 Beta1 \n * OpenSSL Project OpenSSL 1.0.2-1.0.2o \n * OpenSSL Project OpenSSL 1.0.2a \n * OpenSSL Project OpenSSL 1.0.2b \n * OpenSSL Project OpenSSL 1.0.2c \n * OpenSSL Project OpenSSL 1.0.2d \n * OpenSSL Project OpenSSL 1.0.2e \n * OpenSSL Project OpenSSL 1.0.2f \n * OpenSSL Project OpenSSL 1.0.2g \n * OpenSSL Project OpenSSL 1.0.2h \n * OpenSSL Project OpenSSL 1.0.2i \n * OpenSSL Project OpenSSL 1.0.2j \n * OpenSSL Project OpenSSL 1.0.2k \n * OpenSSL Project OpenSSL 1.0.2l \n * OpenSSL Project OpenSSL 1.0.2l-git \n * OpenSSL Project OpenSSL 1.0.2m \n * OpenSSL Project OpenSSL 1.0.2n \n * OpenSSL Project OpenSSL 1.0.2o \n * OpenSSL Project OpenSSL 1.0.2p \n * OpenSSL Project OpenSSL 1.0.2p-dev \n * OpenSSL Project OpenSSL 1.1.0 \n * OpenSSL Project OpenSSL 1.1.0a \n * OpenSSL Project OpenSSL 1.1.0b \n * OpenSSL Project OpenSSL 1.1.0c \n * OpenSSL Project OpenSSL 1.1.0d \n * OpenSSL Project OpenSSL 1.1.0e \n * OpenSSL Project OpenSSL 1.1.0f \n * OpenSSL Project OpenSSL 1.1.0g \n * OpenSSL Project OpenSSL 1.1.0h \n * OpenSSL Project OpenSSL 1.1.0i \n * OpenSSL Project OpenSSL 1.1.1 \n * Oracle API Gateway 11.1.2.4.0 \n * Oracle E-Business Suite 0.9.8 \n * Oracle E-Business Suite 1.0.0 \n * Oracle E-Business Suite 1.0.1 \n * Oracle Endeca Server 7.7.0 \n * Oracle Enterprise Manager Base Platform 12.1.0.5.0 \n * Oracle Enterprise Manager Base Platform 13.2.0.0.0 \n * Oracle Enterprise Manager Base Platform 13.3.0.0.0 \n * Oracle Enterprise Manager Ops Center 12.3.3 \n * Oracle MySQL Enterprise Backup 3.10.0 \n * Oracle MySQL Enterprise Backup 3.10.1 \n * Oracle MySQL Enterprise Backup 
3.12.2 \n * Oracle MySQL Enterprise Backup 3.12.3 \n * Oracle MySQL Enterprise Backup 4.0.1 \n * Oracle MySQL Enterprise Backup 4.0.3 \n * Oracle MySQL Enterprise Backup 4.1.2 \n * Oracle MySQL Server 5.6.15 \n * Oracle MySQL Server 5.6.16 \n * Oracle MySQL Server 5.6.20 \n * Oracle MySQL Server 5.6.21 \n * Oracle MySQL Server 5.6.22 \n * Oracle MySQL Server 5.6.23 \n * Oracle MySQL Server 5.6.24 \n * Oracle MySQL Server 5.6.25 \n * Oracle MySQL Server 5.6.26 \n * Oracle MySQL Server 5.6.27 \n * Oracle MySQL Server 5.6.28 \n * Oracle MySQL Server 5.6.29 \n * Oracle MySQL Server 5.6.30 \n * Oracle MySQL Server 5.6.33 \n * Oracle MySQL Server 5.6.34 \n * Oracle MySQL Server 5.6.35 \n * Oracle MySQL Server 5.6.36 \n * Oracle MySQL Server 5.6.37 \n * Oracle MySQL Server 5.6.38 \n * Oracle MySQL Server 5.6.39 \n * Oracle MySQL Server 5.6.40 \n * Oracle MySQL Server 5.6.41 \n * Oracle MySQL Server 5.6.42 \n * Oracle MySQL Server 5.7.0 \n * Oracle MySQL Server 5.7.12 \n * Oracle MySQL Server 5.7.15 \n * Oracle MySQL Server 5.7.16 \n * Oracle MySQL Server 5.7.17 \n * Oracle MySQL Server 5.7.18 \n * Oracle MySQL Server 5.7.19 \n * Oracle MySQL Server 5.7.20 \n * Oracle MySQL Server 5.7.21 \n * Oracle MySQL Server 5.7.22 \n * Oracle MySQL Server 5.7.23 \n * Oracle MySQL Server 5.7.24 \n * Oracle MySQL Server 8.0.11 \n * Oracle MySQL Server 8.0.12 \n * Oracle MySQL Server 8.0.13 \n * Oracle PeopleSoft Enterprise PeopleTools 8.55 \n * Oracle PeopleSoft Enterprise PeopleTools 8.56 \n * Oracle PeopleSoft Enterprise PeopleTools 8.57 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.7 \n * Oracle Primavera P6 
Enterprise Project Portfolio Management 18.8 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 \n * Oracle Solaris 10 \n * Oracle Solaris 11.3 \n * Oracle Solaris 11.4 \n * Oracle Tuxedo 12.1.1.0.0 \n * Oracle VM VirtualBox 1.6 \n * Oracle VM VirtualBox 1.6.0 \n * Oracle VM VirtualBox 1.6.2 \n * Oracle VM VirtualBox 1.6.4 \n * Oracle VM VirtualBox 1.6.6 \n * Oracle VM VirtualBox 2.0.0 \n * Oracle VM VirtualBox 2.0.10 \n * Oracle VM VirtualBox 2.0.12 \n * Oracle VM VirtualBox 2.0.2 \n * Oracle VM VirtualBox 2.0.4 \n * Oracle VM VirtualBox 2.0.6 \n * Oracle VM VirtualBox 2.0.8 \n * Oracle VM VirtualBox 2.1.0 \n * Oracle VM VirtualBox 2.1.2 \n * Oracle VM VirtualBox 2.1.4 \n * Oracle VM VirtualBox 2.2 \n * Oracle VM VirtualBox 2.2.0 \n * Oracle VM VirtualBox 2.2.2 \n * Oracle VM VirtualBox 2.2.4 \n * Oracle VM VirtualBox 3.0 \n * Oracle VM VirtualBox 3.0.0 \n * Oracle VM VirtualBox 3.0.10 \n * Oracle VM VirtualBox 3.0.12 \n * Oracle VM VirtualBox 3.0.14 \n * Oracle VM VirtualBox 3.0.2 \n * Oracle VM VirtualBox 3.0.4 \n * Oracle VM VirtualBox 3.0.6 \n * Oracle VM VirtualBox 3.0.8 \n * Oracle VM VirtualBox 3.1 \n * Oracle VM VirtualBox 3.1.0 \n * Oracle VM VirtualBox 3.1.2 \n * Oracle VM VirtualBox 3.1.4 \n * Oracle VM VirtualBox 3.1.6 \n * Oracle VM VirtualBox 3.1.8 \n * Oracle VM VirtualBox 3.2 \n * Oracle VM VirtualBox 3.2.0 \n * Oracle VM VirtualBox 3.2.10 \n * Oracle VM VirtualBox 3.2.12 \n * Oracle VM VirtualBox 3.2.14 \n * Oracle VM VirtualBox 3.2.16 \n * Oracle VM VirtualBox 3.2.18 \n * Oracle VM VirtualBox 3.2.19 \n * Oracle VM VirtualBox 3.2.2 \n * Oracle VM VirtualBox 3.2.20 \n * Oracle VM VirtualBox 3.2.21 \n * Oracle VM VirtualBox 3.2.22 \n * Oracle VM VirtualBox 3.2.24 \n * Oracle VM VirtualBox 3.2.25 \n * Oracle VM VirtualBox 3.2.4 \n * Oracle VM VirtualBox 3.2.6 \n * Oracle VM VirtualBox 3.2.8 \n * Oracle VM VirtualBox 3.3 \n * Oracle VM VirtualBox 4.0 \n * Oracle VM VirtualBox 4.0.0 \n * Oracle VM VirtualBox 4.0.10 \n * Oracle VM 
VirtualBox 4.0.12 \n * Oracle VM VirtualBox 4.0.14 \n * Oracle VM VirtualBox 4.0.16 \n * Oracle VM VirtualBox 4.0.18 \n * Oracle VM VirtualBox 4.0.2 \n * Oracle VM VirtualBox 4.0.20 \n * Oracle VM VirtualBox 4.0.21 \n * Oracle VM VirtualBox 4.0.22 \n * Oracle VM VirtualBox 4.0.23 \n * Oracle VM VirtualBox 4.0.24 \n * Oracle VM VirtualBox 4.0.26 \n * Oracle VM VirtualBox 4.0.27 \n * Oracle VM VirtualBox 4.0.30 \n * Oracle VM VirtualBox 4.0.34 \n * Oracle VM VirtualBox 4.0.35 \n * Oracle VM VirtualBox 4.0.36 \n * Oracle VM VirtualBox 4.0.4 \n * Oracle VM VirtualBox 4.0.6 \n * Oracle VM VirtualBox 4.0.8 \n * Oracle VM VirtualBox 4.1 \n * Oracle VM VirtualBox 4.1.0 \n * Oracle VM VirtualBox 4.1.10 \n * Oracle VM VirtualBox 4.1.14 \n * Oracle VM VirtualBox 4.1.16 \n * Oracle VM VirtualBox 4.1.18 \n * Oracle VM VirtualBox 4.1.2 \n * Oracle VM VirtualBox 4.1.20 \n * Oracle VM VirtualBox 4.1.22 \n * Oracle VM VirtualBox 4.1.24 \n * Oracle VM VirtualBox 4.1.26 \n * Oracle VM VirtualBox 4.1.28 \n * Oracle VM VirtualBox 4.1.29 \n * Oracle VM VirtualBox 4.1.30 \n * Oracle VM VirtualBox 4.1.31 \n * Oracle VM VirtualBox 4.1.32 \n * Oracle VM VirtualBox 4.1.34 \n * Oracle VM VirtualBox 4.1.35 \n * Oracle VM VirtualBox 4.1.38 \n * Oracle VM VirtualBox 4.1.4 \n * Oracle VM VirtualBox 4.1.42 \n * Oracle VM VirtualBox 4.1.43 \n * Oracle VM VirtualBox 4.1.44 \n * Oracle VM VirtualBox 4.1.6 \n * Oracle VM VirtualBox 4.1.8 \n * Oracle VM VirtualBox 4.2 \n * Oracle VM VirtualBox 4.2.0 \n * Oracle VM VirtualBox 4.2.10 \n * Oracle VM VirtualBox 4.2.12 \n * Oracle VM VirtualBox 4.2.14 \n * Oracle VM VirtualBox 4.2.16 \n * Oracle VM VirtualBox 4.2.18 \n * Oracle VM VirtualBox 4.2.19 \n * Oracle VM VirtualBox 4.2.2 \n * Oracle VM VirtualBox 4.2.20 \n * Oracle VM VirtualBox 4.2.22 \n * Oracle VM VirtualBox 4.2.23 \n * Oracle VM VirtualBox 4.2.24 \n * Oracle VM VirtualBox 4.2.26 \n * Oracle VM VirtualBox 4.2.27 \n * Oracle VM VirtualBox 4.2.30 \n * Oracle VM VirtualBox 4.2.34 \n * Oracle VM 
VirtualBox 4.2.35 \n * Oracle VM VirtualBox 4.2.36 \n * Oracle VM VirtualBox 4.2.4 \n * Oracle VM VirtualBox 4.2.6 \n * Oracle VM VirtualBox 4.2.8 \n * Oracle VM VirtualBox 4.3 \n * Oracle VM VirtualBox 4.3.0 \n * Oracle VM VirtualBox 4.3.10 \n * Oracle VM VirtualBox 4.3.12 \n * Oracle VM VirtualBox 4.3.14 \n * Oracle VM VirtualBox 4.3.15 \n * Oracle VM VirtualBox 4.3.16 \n * Oracle VM VirtualBox 4.3.17 \n * Oracle VM VirtualBox 4.3.18 \n * Oracle VM VirtualBox 4.3.19 \n * Oracle VM VirtualBox 4.3.2 \n * Oracle VM VirtualBox 4.3.20 \n * Oracle VM VirtualBox 4.3.26 \n * Oracle VM VirtualBox 4.3.32 \n * Oracle VM VirtualBox 4.3.33 \n * Oracle VM VirtualBox 4.3.34 \n * Oracle VM VirtualBox 4.3.35 \n * Oracle VM VirtualBox 4.3.36 \n * Oracle VM VirtualBox 4.3.4 \n * Oracle VM VirtualBox 4.3.5 \n * Oracle VM VirtualBox 4.3.6 \n * Oracle VM VirtualBox 4.3.7 \n * Oracle VM VirtualBox 4.3.8 \n * Oracle VM VirtualBox 4.3.9 \n * Oracle VM VirtualBox 5.0 \n * Oracle VM VirtualBox 5.0.10 \n * Oracle VM VirtualBox 5.0.11 \n * Oracle VM VirtualBox 5.0.12 \n * Oracle VM VirtualBox 5.0.13 \n * Oracle VM VirtualBox 5.0.14 \n * Oracle VM VirtualBox 5.0.16 \n * Oracle VM VirtualBox 5.0.18 \n * Oracle VM VirtualBox 5.0.22 \n * Oracle VM VirtualBox 5.0.26 \n * Oracle VM VirtualBox 5.0.28 \n * Oracle VM VirtualBox 5.0.32 \n * Oracle VM VirtualBox 5.0.34 \n * Oracle VM VirtualBox 5.0.38 \n * Oracle VM VirtualBox 5.0.8 \n * Oracle VM VirtualBox 5.0.9 \n * Oracle VM VirtualBox 5.1.10 \n * Oracle VM VirtualBox 5.1.14 \n * Oracle VM VirtualBox 5.1.16 \n * Oracle VM VirtualBox 5.1.20 \n * Oracle VM VirtualBox 5.1.24 \n * Oracle VM VirtualBox 5.1.30 \n * Oracle VM VirtualBox 5.1.32 \n * Oracle VM VirtualBox 5.1.36 \n * Oracle VM VirtualBox 5.1.8 \n * Oracle VM VirtualBox 5.2.0 \n * Oracle VM VirtualBox 5.2.10 \n * Oracle VM VirtualBox 5.2.16 \n * Oracle VM VirtualBox 5.2.18 \n * Oracle VM VirtualBox 5.2.2 \n * Oracle VM VirtualBox 5.2.20 \n * Oracle VM VirtualBox 5.2.22 \n * Oracle VM 
VirtualBox 5.2.4 \n * Oracle VM VirtualBox 5.2.6 \n * Symantec Director 6.1 \n * Symantec PacketShaper 9.2 \n * Symantec PolicyCenter 9.2 \n * Symantec Security Analytics 7.2 \n * Symantec Security Analytics 7.3 \n * Symantec Security Analytics 8.0 \n * Symantec Web Isolation 1.12 \n * Tenable Nessus 1.0.1 \n * Tenable Nessus 3.0.3 \n * Tenable Nessus 4.0 \n * Tenable Nessus 4.4.1 \n * Tenable Nessus 5.0.2.23205 \n * Tenable Nessus 5.2.3 \n * Tenable Nessus 5.2.4 \n * Tenable Nessus 5.2.7 \n * Tenable Nessus 6.0.0 \n * Tenable Nessus 6.0.1 \n * Tenable Nessus 6.0.2 \n * Tenable Nessus 6.1.0 \n * Tenable Nessus 6.1.1 \n * Tenable Nessus 6.1.2 \n * Tenable Nessus 6.2.0 \n * Tenable Nessus 6.2.1 \n * Tenable Nessus 6.3.0 \n * Tenable Nessus 6.3.1 \n * Tenable Nessus 6.3.2 \n * Tenable Nessus 6.3.3 \n * Tenable Nessus 6.3.4 \n * Tenable Nessus 6.3.5 \n * Tenable Nessus 6.3.6 \n * Tenable Nessus 6.3.7 \n * Tenable Nessus 6.4.0 \n * Tenable Nessus 6.4.1 \n * Tenable Nessus 6.4.2 \n * Tenable Nessus 6.4.3 \n * Tenable Nessus 6.5.0 \n * Tenable Nessus 6.5.1 \n * Tenable Nessus 6.5.2 \n * Tenable Nessus 6.5.3 \n * Tenable Nessus 6.5.4 \n * Tenable Nessus 6.5.5 \n * Tenable Nessus 6.5.6 \n * Tenable Nessus 6.6.0 \n * Tenable Nessus 6.6.1 \n * Tenable Nessus 6.6.2 \n * Tenable Nessus 6.7.0 \n * Tenable Nessus 6.8.0 \n * Tenable Nessus 6.9.0 \n * Tenable Nessus 6.9.1 \n * Tenable Nessus 6.9.2 \n * Tenable Nessus 6.9.3 \n * Tenable Nessus 7.0 \n * Tenable Nessus 7.1.0 \n * Tenable Nessus 7.1.1 \n * Tenable Nessus 7.1.2 \n * Tenable Nessus 7.1.3 \n * Tenable Nessus 7.2.0 \n * Tenable Nessus 7.2.1 \n * Tenable Nessus 7.2.2 \n * Tenable Nessus 8.0.0 \n * Tenable Nessus 8.1.0 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2018-10-30T00:00:00", "published": "2018-10-30T00:00:00", "id": "SMNTC-105758", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105758", "type": "symantec", "title": "OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-24T10:39:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559"], "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL configuration and executable engine modules.\n\n \n\n### AFFECTED PRODUCTS\n\nBCAAA \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1552, \nCVE-2019-1559 | 6.1 (only when Novell SSO realm is used) | A fix will not be provided. The vulnerable OpenSSL library is in the Novell SSO SDK and an updated Novell SSO SDK is no longer available. Please contact Novell for more information. \n \n \n\nContent Analysis (CA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0735, CVE-2019-1559 | 2.3, 2.4, 3.0, 3.1 | Not available at this time \nCVE-2018-5407 | 2.3, 2.4, 3.0 | Not available at this time \n3.1 | Not vulnerable, fixed in 3.1.0.0. \n \n \n\nDirector \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-5407, \nCVE-2019-1552 | 6.1 | Upgrade to a version of MC with the fixes. 
\n \n \n\nMail Threat Defense (MTD) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0735, CVE-2018-5407, \nCVE-2019-1559 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\nMalware Analysis (MA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5407, CVE-2019-1559 | 4.2 | Upgrade to a version of Content Analysis with fixes. \n \n \n\nManagement Center (MC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-1559 | 2.2 | Upgrade to a later version with fixes. \n2.3 | Upgrade to 2.3.3.1. \n2.4 and later | Not vulnerable, fixed \n \n \n\nPacketShaper (PS) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PacketShaper S-Series with fixes. \n \n \n\nPacketShaper (PS) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407, CVE-2019-1559 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. \n \n \n\nPolicyCenter (PC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PolicyCenter S-Series with fixes. \n \n \n\nPolicyCenter (PC) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407, CVE-2019-1559 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-1559 | 10.3, 10.4 | Upgrade to a later version with fixes. 
\n10.5 | Not available at this time \n \n \n\nSecurity Analytics (SA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-5407, \nCVE-2019-1559 | 7.2, 8.1, 8.2 | Not available at this time \n7.3, 8.0 | Upgrade to later version with fixes. \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407 | 1.12 | Upgrade to 1.12.13+250. \n1.13 and later | Not vulnerable, fixed. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nThe following products are not vulnerable: \n**AuthConnector \nCDP for Salesforce \nCDP for ServiceNow \nCDP for Oracle CRM on Demand \nCDP Communication Server \nCDP Integration Server \nGeneral Auth Connector Login Application \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nSymantec HSM Agent for the Luna SP \nUnified Agent \nWSS Agent \nWSS Mobile Agent**\n\nThe following products are under investigation: \n**Advanced Secure Gateway \nCacheFlow \nSSL Visibility \nX-Series XOS**\n\n \n\n### ISSUES\n\nCVE-2018-0734 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105758](<https://www.securityfocus.com/bid/105758>) / NVD: [CVE-2018-0734](<https://nvd.nist.gov/vuln/detail/CVE-2018-0734>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in the DSA signature algorithm implementation allows an attacker to recover DSA private keys. \n \n \n\nCVE-2018-0735 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105750](<https://www.securityfocus.com/bid/105750>) / NVD: [CVE-2018-0735](<https://nvd.nist.gov/vuln/detail/CVE-2018-0735>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in the ECDSA signature algorithm implementation allows an attacker to recover ECDSA private keys. 
\n \n \n\nCVE-2018-5407 \n--- \n**Severity / CVSSv3** | Medium / 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105897](<https://www.securityfocus.com/bid/105897>) / NVD: [CVE-2018-5407](<https://nvd.nist.gov/vuln/detail/CVE-2018-5407>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in ECC scalar multiplication, used in ECDSA and ECDH signatures, allows a local attacker to recover ECDSA or ECDH private keys. \n \n \n\nCVE-2019-1543 \n--- \n**Severity / CVSSv3** | High / 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n**References** | SecurityFocus: [BID 107349](<https://www.securityfocus.com/bid/107349>) / NVD: [CVE-2019-1543](<https://nvd.nist.gov/vuln/detail/CVE-2019-1543>) \n**Impact** | Unspecified \n**Description** | An insufficient cryptographic parameter validation fault in the ChaCha20-Poly1305 cipher implementation allows an attacker to compromise data confidentiality and integrity through unspecified vectors. \n \n \n\nCVE-2019-1552 \n--- \n**Severity / CVSSv3** | Low / 3.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n**References** | SecurityFocus: [BID 109443](<https://www.securityfocus.com/bid/109443>) / NVD: [CVE-2019-1552](<https://nvd.nist.gov/vuln/detail/CVE-2019-1552>) \n**Impact** | Unauthorized modification of configuration and executable code \n**Description** | A fault in configuration file specification allows a local attacker to insert malicious CA certificates and modify OpenSSL configuration and executable engine modules. \n \n \n\nCVE-2019-1559 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 107174](<https://www.securityfocus.com/bid/107174>) / NVD: [CVE-2019-1559](<https://nvd.nist.gov/vuln/detail/CVE-2019-1559>) \n**Impact** | Information disclosure \n**Description** | A padding oracle fault in the SSL library allows a remote attacker to decrypt data encrypted inside the SSL tunnel. 
\n \n \n\n### REFERENCES \n\nOpenSSL Security Advisory [29 October 2018] - <https://www.openssl.org/news/secadv/20181029.txt> \nOpenSSL Security Advisory [30 October 2018] - <https://www.openssl.org/news/secadv/20181030.txt> \nOpenSSL Security Advisory [12 November 2018] - <https://www.openssl.org/news/secadv/20181112.txt> \nOpenSSL Security Advisory [26 February 2019] - <https://www.openssl.org/news/secadv/20190226.txt> \nOpenSSL Security Advisory [6 March 2019] - <https://www.openssl.org/news/secadv/20190306.txt> \nOpenSSL Security Advisory [30 July 2019] - <https://www.openssl.org/news/secadv/20190730.txt> \n \n\n### REVISION \n\n2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is vulnerable to CVE-2018-0735 and CVE-2019-1559. Content Analysis 3.1 is not vulnerable to CVE-2018-5407 because a fix is available in 3.1.0.0. \n2020-04-05 Content Analysis 3.0 is vulnerable to CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. Reporter 10.5 is vulnerable to CVE-2019-1559. Fixes will not be provided for Management Center 2.2 and Reporter 10.3. Please upgrade to a later version with the vulnerability fixes. Security Analytics 8.1 is vulnerable to CVE-2018-0734, CVE-2018-5407, and CVE-2019-1559. \n2020-04-04 PacketShaper S-Series and PolicyCenter S-Series are vulnerable to CVE-2018-0734, CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. 
A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n2020-01-26 MC 2.4 is not vulnerable because a fix is available in 2.4.1.1. \n2020-01-19 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes. \n2019-10-10 A fix for PacketShaper 9.2 will not be provided. Please upgrade to a version of PacketShaper S-Series with the vulnerability fixes. A fix for PolicyCenter 9.2 will not be provided. Please upgrade to a version of PolicyCenter S-Series with the vulnerability fixes. \n2019-10-07 WI 1.13 is not vulnerable. \n2019-10-04 A fix for MC 2.3 is available in 2.3.3.1. \n2019-09-09 Added SecurityFocus BID for CVE-2019-1552. \n2019-09-05 initial public release\n", "modified": "2020-12-21T21:21:54", "published": "2019-09-05T08:00:00", "id": "SMNTC-1490", "href": "", "type": "symantec", "title": "OpenSSL Vulnerabilities Oct 2018 - Jul 2019", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "Arch Linux Security Advisory ASA-201812-7\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-5407\nPackage : lib32-openssl-1.0\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-806\n\nSummary\n=======\n\nThe package lib32-openssl-1.0 before version 1.0.2.q-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1.0.2.q-1.\n\n# pacman -Syu \"lib32-openssl-1.0>=1.0.2.q-1\"\n\nThe problems have been fixed upstream in version 1.0.2.q.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl 
versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-5407 (private key recovery)\n\nA vulnerability has been found in the ECC scalar multiplication\nimplementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation,\nused in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private DSA key via a\ntiming attack. In addition, a local attacker might be able to recover a\nprivate ECC key via a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://www.openssl.org/news/secadv/20181112.txt\nhttps://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-5407", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-7", "href": "https://security.archlinux.org/ASA-201812-7", "type": "archlinux", "title": "[ASA-201812-7] lib32-openssl-1.0: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "Arch Linux Security Advisory ASA-201812-8\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-5407\nPackage : openssl-1.0\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-807\n\nSummary\n=======\n\nThe package openssl-1.0 before version 1.0.2.q-1 is vulnerable 
to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1.0.2.q-1.\n\n# pacman -Syu \"openssl-1.0>=1.0.2.q-1\"\n\nThe problems have been fixed upstream in version 1.0.2.q.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-5407 (private key recovery)\n\nA vulnerability has been found in the ECC scalar multiplication\nimplementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation,\nused in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private DSA key via a\ntiming attack. 
In addition, a local attacker might be able to recover a\nprivate ECC key via a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://www.openssl.org/news/secadv/20181112.txt\nhttps://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-5407", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-8", "href": "https://security.archlinux.org/ASA-201812-8", "type": "archlinux", "title": "[ASA-201812-8] openssl-1.0: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "New openssl packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded.\n This update fixes a timing side-channel flaw on processors which implement\n SMT/Hyper-Threading architectures, and a side channel attack on DSA\n signature generation that could allow an attacker to recover the private key.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz", "modified": "2018-11-22T06:43:55", "published": "2018-11-22T06:43:55", "id": "SSA-2018-325-01", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.576913", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "aix": [{"lastseen": "2019-05-29T19:19:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue Dec 11 09:37:36 CST 2018\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\n\n\nSecurity Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, \n CVE-2018-5407)\n\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in OpenSSL used by AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-0734\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive \n information, caused by a timing side channel attack in the DSA \n signature algorithm. 
An attacker could exploit this vulnerability \n using variations in the signing algorithm to recover the private key.\n CVSS Base Score: 3.7\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 \n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n CVEID: CVE-2018-5407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n DESCRIPTION: Multiple SMT/Hyper-Threading architectures and \n processors could allow a local attacker to obtain sensitive \n information, caused by execution engine sharing on Simultaneous \n Multithreading (SMT) architecture. By using the new PortSmash \n side-channel attack, an attacker could run a malicious process next \n to legitimate processes using the architecture's parallel thread \n running capabilities to leak encrypted data from the CPU's internal \n processes. Note: This vulnerability is known as PortSmash.\n CVSS Base Score: 5.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/152484\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector:(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n\n Fileset Lower Level Upper Level KEY\n ------------------------------------------------------\n openssl.base 1.0.2.500 1.0.2.1600 key_w_fs\n openssl.base 20.13.102.1000 20.16.102.1600 key_w_fs\n\n Note:\n A. 0.9.8, 1.0.1 OpenSSL versions are out-of-support. Customers are\n advised to upgrade to currently supported OpenSSL 1.0.2 version.\n\n B. 
Latest level of OpenSSL fileset is available from the web download site:\n https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp&S_PKG=openssl\n \n To find out whether the affected filesets are installed on your systems,\n refer to the lslpp command found in the AIX user's guide.\n\n Example: lslpp -L | grep -i openssl.base\n\n REMEDIATION:\n\n A. FIXES\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n http://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n https://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n\n The links above are to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n Note that the tar file contains Interim fixes that are based on\n OpenSSL version, and AIX OpenSSL fixes are cumulative.\n\n You must be on the 'prereq for installation' level before\n applying the interim fix. 
This may require installing a new\n level(prereq version) first.\n\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 5.3, 6.1, 7.1, 7.2 102p_fix.181127.epkg.Z openssl.base(1.0.2.1600) key_w_fix\n 5.3, 6.1, 7.1, 7.2 fips_102p.181127.epkg.Z openssl.base(20.16.102.1600) key_w_fix\n\n VIOS Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 2.2.x 102p_fix.181127.epkg.Z openssl.base(1.0.2.1600) key_w_fix \n 2.2.x fips_102p.181127.epkg.Z openssl.base(20.16.102.1600) key_w_fix\n\n\n To extract the fixes from the tar file:\n\n tar xvf openssl_fix29.tar\n cd openssl_fix29\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as follows:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 4f68017e5ff53cb74e0f6e30fc0410193dd1641e7997a5a9e4bc630d47666eaf 102p_fix.181127.epkg.Z key_w_csum\n 42714d3f644d4b3250314721ae2e32f0680fea264f9b358a50f7fe9c07713b38 fips_102p.181127.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Support at\n https://ibm.com/support/ and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n\n B. FIX AND INTERIM FIX INSTALLATION\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n \n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain 
the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\nftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n\n Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734,\n CVE-2018-5407)\n https://www-01.ibm.com/support/docview.wss?uid=ibm10742759\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue Dec 11 09:37:36 CST 2018\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will\nultimately impact the Overall CVSS Score. Customers can evaluate the impact\nof this vulnerability in their environments by accessing the links in the\nReference section of this Security Bulletin.\n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the\nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard\ndesigned to convey vulnerability severity and help to determine urgency and\npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY\nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT\nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "edition": 4, "modified": "2018-12-11T09:37:36", "published": "2018-12-11T09:37:36", "id": "OPENSSL_ADVISORY29.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc", "title": "There are vulnerabilities in OpenSSL used by AIX.", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "description": "Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An \nattacker could possibly use this issue to perform a timing side-channel \nattack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An \nattacker could possibly use this issue to perform a timing side-channel \nattack and recover private ECDSA keys. This issue only affected Ubuntu \n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, \nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading \n(SMT) architectures are vulnerable to side-channel leakage. This issue is \nknown as \"PortSmash\". An attacker could possibly use this issue to perform \na timing side-channel attack and recover private keys. 
(CVE-2018-5407)", "edition": 4, "modified": "2018-12-06T00:00:00", "published": "2018-12-06T00:00:00", "id": "USN-3840-1", "href": "https://ubuntu.com/security/notices/USN-3840-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nSamuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as \u201cPortSmash\u201d. An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. 
(CVE-2018-5407)\n\nCVEs contained in this USN include: CVE-2018-0734, CVE-2018-0735, CVE-2018-5407\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.65\n * 3541.x versions prior to 3541.69\n * 3468.x versions prior to 3468.90\n * 3445.x versions prior to 3445.87\n * 3421.x versions prior to 3421.104\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.14\n * 97.x versions prior to 97.41\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.254.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.46.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.65\n * Upgrade 3541.x versions to 3541.69\n * Upgrade 3468.x versions to 3468.90\n * Upgrade 3445.x versions to 3445.87\n * Upgrade 3421.x versions to 3421.104\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.14\n * Upgrade 97.x versions to 97.41\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.254.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.46.0 or later.\n\n# References\n\n * [USN-3840-1](<https://usn.ubuntu.com/3840-1>)\n * [CVE-2018-0734](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0734>)\n * 
[CVE-2018-0735](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0735>)\n * [CVE-2018-5407](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5407>)\n", "edition": 3, "modified": "2018-12-27T00:00:00", "published": "2018-12-27T00:00:00", "id": "CFOUNDRY:DCF842DDD89D1624E7B2FFAA64957639", "href": "https://www.cloudfoundry.org/blog/usn-3840-1/", "title": "USN-3840-1: OpenSSL vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2020-03-20T22:36:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7167", "CVE-2018-12123", "CVE-2019-16777", "CVE-2019-15605", "CVE-2018-7164", "CVE-2018-12115", "CVE-2018-7161", "CVE-2019-5739", "CVE-2019-15606", "CVE-2018-12122", "CVE-2018-12121", "CVE-2019-15604", "CVE-2019-5737", "CVE-2018-7162", "CVE-2018-12116"], "description": "### Background\n\nNode.js is a JavaScript runtime built on Chrome\u2019s V8 JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly write arbitrary files, cause a Denial of Service condition or conduct HTTP request splitting attacks. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Node.js <12.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/nodejs-10.19.0\"\n \n\nAll Node.js 12.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/nodejs-12.15.0\"", "edition": 1, "modified": "2020-03-20T00:00:00", "published": "2020-03-20T00:00:00", "id": "GLSA-202003-48", "href": "https://security.gentoo.org/glsa/202003-48", "title": "Node.js: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2020-09-26T13:05:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0737"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4355-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 19, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl1.0\nCVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407\n\nSeveral local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2q-1~deb9u1. 
Going forward, openssl1.0 security updates for\nstretch will be based on the 1.0.2x upstream releases.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 19, "modified": "2018-12-19T22:30:16", "published": "2018-12-19T22:30:16", "id": "DEBIAN:DSA-4355-1:1415E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00287.html", "title": "[SECURITY] [DSA 4355-1] openssl1.0 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-15T01:11:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0737"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4348-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 30, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737 \n CVE-2018-5407\n\nSeveral local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. 
Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 16, "modified": "2018-11-30T22:26:35", "published": "2018-11-30T22:26:35", "id": "DEBIAN:DSA-4348-1:05673", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00280.html", "title": "[SECURITY] [DSA 4348-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-08-19T21:14:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2019-1559"], "description": "[1.0.2k-19.0.1]\n- Bump release for rebuild.\n[1.0.2k-19]\n- close the RSA decryption 9 lives of Bleichenbacher cat\n timing side channel (#1649568)\n[1.0.2k-18]\n- fix CVE-2018-0734 - DSA signature local timing side channel\n- fix CVE-2019-1559 - 0-byte record padding oracle\n- close the RSA decryption One & done EM side channel (#1619558)\n[1.0.2k-17]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local\n timing side-channel key extraction", "edition": 1, "modified": "2019-08-19T00:00:00", "published": "2019-08-19T00:00:00", "id": "ELSA-2019-4754", "href": "http://linux.oracle.com/errata/ELSA-2019-4754.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-14T08:39:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", 
"CVE-2018-0735", "CVE-2019-1559"], "description": "[1.0.2k-19.0.1]\n- Bump release for rebuild.\n[1.0.2k-19]\n- close the RSA decryption 9 lives of Bleichenbacher cat\n timing side channel (#1649568)\n[1.0.2k-18]\n- fix CVE-2018-0734 - DSA signature local timing side channel\n- fix CVE-2019-1559 - 0-byte record padding oracle\n- close the RSA decryption One & done EM side channel (#1619558)\n[1.0.2k-17]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local\n timing side-channel key extraction", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2304", "href": "http://linux.oracle.com/errata/ELSA-2019-2304.html", "title": "openssl security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-21T23:29:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12121"], "description": "[2.8.0-5]\n- Resolves: rhbz#1686488: 'make test' fails with stringop-overflow error\n[2.8.0-4]\n- Resolves: rhbz#1666382: CVE-2018-12121 http-parser: nodejs: Denial of\n Service with large HTTP headers [rhel-8]\n[2.8.0-3]\n- spec: make the check phase conditional", "edition": 1, "modified": "2019-11-14T00:00:00", "published": "2019-11-14T00:00:00", "id": "ELSA-2019-3497", "href": "http://linux.oracle.com/errata/ELSA-2019-3497.html", "title": "http-parser security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}