{"containers": {"cna": {"affected": [{"product": "Processors supporting Simultaneous Multi-Threading", "vendor": "N/A", "versions": [{"status": "affected", "version": "N/A"}]}], "datePublic": "2018-11-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T21:06:46.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "RHSA-2019:0483", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0483"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"}, {"name": "USN-3840-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3840-1/"}, {"name": "DSA-4355", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4355"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-17"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"}, {"name": "GLSA-201903-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2018-16"}, {"name": "45785", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45785/"}, {"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bbbrumley/portsmash"}, {"name": "DSA-4348", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4348"}, {"name": "105897", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105897"}, {"tags": ["x_refsource_MISC"], "url": "https://eprint.iacr.org/2018/1060.pdf"}, {"name": "RHSA-2019:0651", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0651"}, {"name": "RHSA-2019:0652", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0652"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2019:2125", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2125"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "RHSA-2019:3929", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3931", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2018-5407", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Processors supporting Simultaneous Multi-Threading", "version": {"version_data": [{"version_value": "N/A"}]}}]}, "vendor_name": "N/A"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "RHSA-2019:0483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0483"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"name": "https://security.netapp.com/advisory/ntap-20181126-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"}, {"name": "USN-3840-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3840-1/"}, {"name": "DSA-4355", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4355"}, {"name": "https://www.tenable.com/security/tns-2018-17", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-17"}, {"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"}, {"name": "GLSA-201903-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-10"}, {"name": "https://www.tenable.com/security/tns-2018-16", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-16"}, {"name": "45785", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45785/"}, {"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"}, {"name": "https://github.com/bbbrumley/portsmash", "refsource": "MISC", "url": "https://github.com/bbbrumley/portsmash"}, {"name": "DSA-4348", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4348"}, {"name": "105897", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105897"}, {"name": "https://eprint.iacr.org/2018/1060.pdf", "refsource": "MISC", "url": "https://eprint.iacr.org/2018/1060.pdf"}, {"name": "RHSA-2019:0651", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0651"}, {"name": "RHSA-2019:0652", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0652"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2019:2125", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2125"}, {"name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS"}, {"name": "RHSA-2019:3929", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.232Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2019:0483", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0483"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"}, {"name": "USN-3840-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3840-1/"}, {"name": "DSA-4355", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4355"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2018-17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"}, {"name": "GLSA-201903-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2018-16"}, {"name": "45785", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45785/"}, {"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bbbrumley/portsmash"}, {"name": "DSA-4348", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4348"}, {"name": "105897", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105897"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://eprint.iacr.org/2018/1060.pdf"}, {"name": "RHSA-2019:0651", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0651"}, {"name": "RHSA-2019:0652", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0652"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "RHSA-2019:2125", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2125"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS"}, {"name": "RHSA-2019:3929", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"name": "RHSA-2019:3933", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"name": "RHSA-2019:3931", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"name": "RHSA-2019:3935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"name": "RHSA-2019:3932", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5407", "datePublished": "2018-11-15T21:00:00.000Z", "dateReserved": "2018-01-12T00:00:00.000Z", "dateUpdated": "2024-08-05T05:33:44.232Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F608F84-5A94-4DC1-A7B8-E19028F96A40", "versionEndExcluding": "6.14.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "468A9D35-95E1-473B-A5D3-9BD78818F599", "versionEndExcluding": "8.11.4", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A01678-361E-4F23-B7D6-41B0C145F491", "versionEndExcluding": "10.9.0", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DF92E05-808F-4D22-BD55-3571BF46889F", "versionEndExcluding": "1.0.2q", "versionStartIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B64CB987-8B48-4B65-BC6A-B39F1F69F4B7", "versionEndExcluding": "1.1.0i", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2", "versionEndExcluding": "8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "BD941CDF-8486-43F7-9D98-2B8785B1B139", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDE18990-1FC9-4624-971B-2E87BF0871AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "17C29F2D-CBE6-4E22-98AE-787E939ED161", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2049488-5CE2-4C56-8B0E-BA7C499A7372", "versionEndIncluding": "3.12.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "81B25011-AEFA-453D-AF1E-5945AB625767", "versionEndIncluding": "4.1.2", "versionStartIncluding": "3.12.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A1E1023-2EB9-4334-9B74-CA71480F71C2", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "84BF6794-2CE6-407F-B8E0-81871AB7B40B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F021C23-AB9B-4877-833F-D01359A98762", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F8ED016-32A1-42EE-844E-3E6B2C116B74", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "A046CC2C-445F-4336-8810-930570B4FEC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B52550D1-38F6-4AAC-BE68-487F7D6DB2D8", "versionEndExcluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'."}, {"lang": "es", "value": "SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronizaci\u00f3n mediante un ataques de sincronizaci\u00f3n de canal lateral en la \"contenci\u00f3n de puertos\"."}], "id": "CVE-2018-5407", "lastModified": "2024-11-21T04:08:45.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-15T21:29:00.233", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105897"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0483"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0651"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0652"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2125"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"source": "cret@cert.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://eprint.iacr.org/2018/1060.pdf"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bbbrumley/portsmash"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"}, {"source": "cret@cert.org", "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3840-1/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4348"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4355"}, {"source": "cret@cert.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45785/"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "cret@cert.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2018-16"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2018-17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0651"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3933"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://eprint.iacr.org/2018/1060.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bbbrumley/portsmash"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201903-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3840-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4355"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45785/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2018-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2018-17"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cret@cert.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE; Cuba), Billy Bob Brumley, Cesar Pereida Garcia, Nicola Tuveri (Tampere University of Technology; Finland), and Sohaib ul Hassan for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3932", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3933", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:0483", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.2k-16.el7_6.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-03-13T00:00:00Z"}, {"advisory": "RHSA-2019:2125", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ovmf-0:20180508-6.gitee3198e672e2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:3931", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2", "package": "openssl", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6", "package": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 6", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7", "package": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 7", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHSA-2019:3929", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8", "package": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws", "product_name": "Red Hat JBoss Web Server 5.2 on RHEL 8", "release_date": "2019-11-20T00:00:00Z"}, {"advisory": "RHBA-2019:1053", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "imgbased-0:1.1.7-0.1.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-08T00:00:00Z"}, {"advisory": "RHBA-2019:1053", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-08T00:00:00Z"}, {"advisory": "RHBA-2019:1053", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.3-0.5.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-08T00:00:00Z"}, {"advisory": "RHBA-2019:1053", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3-20190409.0.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-08T00:00:00Z"}, {"advisory": "RHBA-2019:1088", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "rhvm-appliance-0:4.3-20190409.0.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-05-08T00:00:00Z"}, {"advisory": "RHSA-2019:3935", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "openssl", "product_name": "Text-Only JBCS", "release_date": "2019-11-20T00:00:00Z"}], "bugzilla": {"description": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "id": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information."], "mitigation": {"lang": "en:us", "value": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly."}, "name": "CVE-2018-5407", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2018-10-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5407\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt"], "statement": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "threat_severity": "Moderate"}

{}