Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2018-0734

CVE information

Published

5 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

Share

Description

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)..

CVSSv2.0 Score

Severity
Medium
Base Score
4.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

CVSSv3.1 Score

Severity
Medium
Base Score
5.9/10
Exploit Score
2.2/10
Access Vector
Network
Access Complexity
High
Privileges Required
None
Impact Score
3.6/10
Confidentiality Impact
High
Availability Impact
None
Integrity Impact
None
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Yes
1.0.2 -
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Yes
1.1.0 -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
6.0.0 -
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
8.0.0 -
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
10.0.0 -
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
  Yes
6.9.0 6.15.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
  Yes
8.9.0 8.14.0
cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*
  Yes
- -
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Yes
11.0.0 11.3.0
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:
  Yes
- -
cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*
  Yes
3.0 -
cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*
  Yes
4.0 -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
- -
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
- -
cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
17.7 -
cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
- -
cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0
  Yes
- -
cpe:2.3:a:oracle:primavera_p6_professional_project_managemen
  Yes
- -

References