CVE-2018-0734

AST

Medium

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th…

CVSS

5.1

Medium

EPSS

0.05

p89

Published

2018-01-01

Updated

2018-01-01

Description

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Tags · CWE

Crypto

CWE-327

CWE-385

CAPEC-20

CAPEC-97

CAPEC-459

CAPEC-462

CAPEC-473

CAPEC-475

CAPEC-608

CAPEC-614

Affected products

Jbcs-httpd24-aprJbcs-httpd24-aprJbcs-httpd24-apr-utilJbcs-httpd24-apr-utilJbcs-httpd24-brotliJbcs-httpd24-brotliJbcs-httpd24-curlJbcs-httpd24-curlJbcs-httpd24-httpdJbcs-httpd24-httpdJbcs-httpd24-janssonJbcs-httpd24-janssonJbcs-httpd24-mod_cluster-nativeJbcs-httpd24-mod_cluster-nativeJbcs-httpd24-mod_jkJbcs-httpd24-mod_jkJbcs-httpd24-mod_securityJbcs-httpd24-mod_securityJbcs-httpd24-nghttp2Jbcs-httpd24-nghttp2

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: N

None (N)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.051 · p89

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1036.001Invalid Code Signature

└ via CAPEC-473 · CWE-327

T1553.002Code Signing

└ via CAPEC-473 · CWE-327

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
jbcs-httpd24-apr		Tracked
jbcs-httpd24-apr		Tracked
jbcs-httpd24-apr-util		Tracked
jbcs-httpd24-apr-util		Tracked
jbcs-httpd24-brotli		Tracked
jbcs-httpd24-brotli		Tracked
jbcs-httpd24-curl		Tracked
jbcs-httpd24-curl		Tracked
jbcs-httpd24-httpd		Tracked
jbcs-httpd24-httpd		Tracked
jbcs-httpd24-jansson		Tracked
jbcs-httpd24-jansson		Tracked
jbcs-httpd24-mod_cluster-native		Tracked
jbcs-httpd24-mod_cluster-native		Tracked
jbcs-httpd24-mod_jk		Tracked
jbcs-httpd24-mod_jk		Tracked
jbcs-httpd24-mod_security		Tracked
jbcs-httpd24-mod_security		Tracked
jbcs-httpd24-nghttp2		Tracked
jbcs-httpd24-nghttp2		Tracked

Source databases

AST

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2019-01256