Executive Summary

Information
Name : CVE-2018-0732
First vendor Publication : 2018-06-12
Vendor : Cve
Last vendor Modification : 2019-05-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-320
Name : Key Management Errors

CPE : Common Platform Enumeration

Type : Application - Count : 35
Type : Os - Count : 5
Type : Os - Count : 1

Nessus® Vulnerability Scanner

Date - Description
2019-01-11 - Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10919.nasl - Type : ACT_GATHER_INFO
2019-01-08 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2019-1009.nasl - Type : ACT_GATHER_INFO
2019-01-03 - Name : The remote Fedora host is missing a security update.
File : fedora_2018-520e4c5b4e.nasl - Type : ACT_GATHER_INFO
2019-01-02 - Name : Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File : nessus_tns_2018_17.nasl - Type : ACT_GATHER_INFO
2018-12-28 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1420.nasl - Type : ACT_GATHER_INFO
2018-12-20 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4355.nasl - Type : ACT_GATHER_INFO
2018-12-10 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1392.nasl - Type : ACT_GATHER_INFO
2018-12-01 - Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4348.nasl - Type : ACT_GATHER_INFO
2018-11-16 - Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-3221.nasl - Type : ACT_GATHER_INFO
2018-11-14 - Name : Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File : nodejs_2018_aug.nasl - Type : ACT_GATHER_INFO
2018-11-09 - Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2018-1102.nasl - Type : ACT_GATHER_INFO
2018-11-09 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201811-03.nasl - Type : ACT_GATHER_INFO
2018-11-02 - Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1098.nasl - Type : ACT_GATHER_INFO
2018-11-02 - Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL21665601.nasl - Type : ACT_GATHER_INFO
2018-10-26 - Name : A data aggregation application installed on the remote host is affected by a ...
File : lce_5_1_1.nasl - Type : ACT_GATHER_INFO
2018-10-26 - Name : Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File : nessus_tns_2018_14.nasl - Type : ACT_GATHER_INFO
2018-10-03 - Name : The remote Fedora host is missing a security update.
File : fedora_2018-02a38af202.nasl - Type : ACT_GATHER_INFO
2018-09-27 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1306.nasl - Type : ACT_GATHER_INFO
2018-08-28 - Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0904e81fa89d11e8afbbbc5ff4f77b71.nasl - Type : ACT_GATHER_INFO
2018-08-21 - Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-2_0-0084.nasl - Type : ACT_GATHER_INFO
2018-08-15 - Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-226-01.nasl - Type : ACT_GATHER_INFO
2018-07-30 - Name : The remote Debian host is missing a security update.
File : debian_DLA-1449.nasl - Type : ACT_GATHER_INFO
2018-07-03 - Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2018-1214.nasl - Type : ACT_GATHER_INFO
2018-06-13 - Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c82ecac56e3f11e88777b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source - Url
BID http://www.securityfocus.com/bid/104442
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3984ef0b72831da8...
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ea7abeeabf92b7ac...
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0001/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://www.openssl.org/news/secadv/20180612.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-12
https://www.tenable.com/security/tns-2018-13
https://www.tenable.com/security/tns-2018-14
https://www.tenable.com/security/tns-2018-17
DEBIAN https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
GENTOO https://security.gentoo.org/glsa/201811-03
MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
REDHAT https://access.redhat.com/errata/RHSA-2018:2552
https://access.redhat.com/errata/RHSA-2018:2553
https://access.redhat.com/errata/RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1543
SECTRACK http://www.securitytracker.com/id/1041090
UBUNTU https://usn.ubuntu.com/3692-1/
https://usn.ubuntu.com/3692-2/

Alert History

Date - Information
2019-09-26 12:10:29
  • Multiple Updates
2019-09-25 12:10:22
  • Multiple Updates
2019-09-21 12:04:20
  • Multiple Updates
2019-07-24 12:04:37
  • Multiple Updates
2019-06-19 12:09:38
  • Multiple Updates
2019-05-31 00:19:14
  • Multiple Updates
2019-04-24 05:18:56
  • Multiple Updates
2019-04-24 00:18:54
  • Multiple Updates
2019-02-20 12:09:16
  • Multiple Updates
2019-01-21 05:18:27
  • Multiple Updates
2019-01-17 00:19:17
  • Multiple Updates
2018-12-21 17:19:09
  • Multiple Updates
2018-12-20 17:18:46
  • Multiple Updates
2018-12-01 17:18:58
  • Multiple Updates
2018-11-09 17:19:07
  • Multiple Updates
2018-11-07 17:20:15
  • Multiple Updates
2018-11-06 17:19:36
  • Multiple Updates
2018-10-31 13:21:21
  • Multiple Updates
2018-10-24 17:19:34
  • Multiple Updates
2018-10-17 09:20:21
  • Multiple Updates
2018-10-12 17:19:43
  • Multiple Updates
2018-10-10 12:08:43
  • Multiple Updates
2018-09-19 17:19:51
  • Multiple Updates
2018-08-25 00:20:17
  • Multiple Updates
2018-08-23 17:20:05
  • Multiple Updates
2018-08-10 21:19:51
  • Multiple Updates
2018-07-29 09:19:26
  • Multiple Updates
2018-06-28 09:19:10
  • Multiple Updates
2018-06-15 09:19:16
  • Multiple Updates
2018-06-14 09:19:18
  • Multiple Updates
2018-06-12 17:19:16
  • First insertion