製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache HTTP Server における認可・権限・アクセス制御に関する脆弱性

Title	Apache HTTP Server における認可・権限・アクセス制御に関する脆弱性
Summary	Apache HTTP Server には、認可・権限・アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 1, 2019, midnight
Registration Date	May 15, 2019, 4:50 p.m.
Last Update	May 15, 2019, 4:50 p.m.

CVSS3.0 : 重要
Score	7.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 危険
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected System

Apache Software Foundation

Apache HTTP Server 2.4.17 から 2.4.38

Debian

Debian GNU/Linux

Fedora Project

Fedora

Canonical

Ubuntu

openSUSE project

openSUSE Leap

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Apache Mail Archives
1	CVE-2019-0211 applicable to versions 2.2.x?	https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E
Common Vulnerabilities and Exposures (CVE)
2	CVE-2019-0211	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
National Vulnerability Database (NVD)
3	CVE-2019-0211	https://nvd.nist.gov/vuln/detail/CVE-2019-0211

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Apache httpd 2.4 vulnerabilities
1	important: Apache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211)	https://httpd.apache.org/security/vulnerabilities_24.html
Apache Mail Archives
2	Re: CVE-2019-0211 applicable to versions 2.2.x? (Viewing email #b2bdb308dc015e771ba79c0586b2de6fb50caa98... (and replies):)	https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E
3	RE: CVE-2019-0211 applicable to versions 2.2.x? (Viewing email #de881a130bc9cb2f3a9ff220784520556884fb8e... (and replies):)	https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E
4	[users@httpd] CVE-2019-0211/0215/0217	https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E
Changes with Apache
5	Changes with Apache 2.4.39	http://www.apache.org/dist/httpd/CHANGES_2.4.39
Debian Security Advisory
6	DSA-4422	https://www.debian.org/security/2019/dsa-4422
fedoraproject
7	FEDORA-2019-119b14075a	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
8	FEDORA-2019-cf7695b470	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
opensuse-security-announce
9	openSUSE-SU-2019:1190-1	https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
10	openSUSE-SU-2019:1209-1	https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
11	openSUSE-SU-2019:1258-1	https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
Ubuntu Security Notice
12	USN-3937-1	https://usn.ubuntu.com/3937-1/

Change Log

No	Changed Details	Date of change
1	[2019年05月15日] 掲載	May 15, 2019, 4:50 p.m.

NVD Vulnerability Information

CVE-2019-0211

Summary	In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Publication Date	April 9, 2019, 7:29 a.m.
Registration Date	Jan. 26, 2021, 11:37 a.m.
Last Update	Nov. 21, 2024, 1:16 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apache:http_server::::::::		2.4.17	2.4.38

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:28:::::::*
cpe:2.3:o:fedoraproject:fedora:29:::::::*
cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::

Configuration4		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:42.3:::::::*
cpe:2.3:o:opensuse:leap:15.0:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::

Configuration7	or higher	or less	more than	less than
cpe:2.3:a:redhat:software_collections:1.0:::::::*
cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:::::::*

Configuration8	or higher	or less	more than	less than
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html	Broken Link Mailing List Release Notes Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html	Broken Link Mailing List Release Notes Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html	Broken Link Mailing List Release Notes Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html	Broken Link Mailing List Release Notes Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html	Broken Link Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html	Broken Link Third Party Advisory
7	http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html	Third Party Advisory VDB Entry
8	http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html	Third Party Advisory VDB Entry
9	http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html	Exploit Third Party Advisory VDB Entry
10	http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html	Exploit Third Party Advisory VDB Entry
11	http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
12	http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
13	http://www.apache.org/dist/httpd/CHANGES_2.4.39	Broken Link Vendor Advisory
14	http://www.apache.org/dist/httpd/CHANGES_2.4.39	Broken Link Vendor Advisory
15	http://www.openwall.com/lists/oss-security/2019/04/02/3	Mailing List Third Party Advisory
16	http://www.openwall.com/lists/oss-security/2019/04/02/3	Mailing List Third Party Advisory
17	http://www.openwall.com/lists/oss-security/2019/07/26/7	Mailing List
18	http://www.openwall.com/lists/oss-security/2019/07/26/7	Mailing List
19	http://www.securityfocus.com/bid/107666	Broken Link Third Party Advisory VDB Entry
20	http://www.securityfocus.com/bid/107666	Broken Link Third Party Advisory VDB Entry
21	https://access.redhat.com/errata/RHBA-2019:0959	Third Party Advisory
22	https://access.redhat.com/errata/RHBA-2019:0959	Third Party Advisory
23	https://access.redhat.com/errata/RHSA-2019:0746	Third Party Advisory
24	https://access.redhat.com/errata/RHSA-2019:0746	Third Party Advisory
25	https://access.redhat.com/errata/RHSA-2019:0980	Third Party Advisory
26	https://access.redhat.com/errata/RHSA-2019:0980	Third Party Advisory
27	https://access.redhat.com/errata/RHSA-2019:1296	Third Party Advisory
28	https://access.redhat.com/errata/RHSA-2019:1296	Third Party Advisory
29	https://access.redhat.com/errata/RHSA-2019:1297	Third Party Advisory
30	https://access.redhat.com/errata/RHSA-2019:1297	Third Party Advisory
31	https://access.redhat.com/errata/RHSA-2019:1543	Third Party Advisory
32	https://access.redhat.com/errata/RHSA-2019:1543	Third Party Advisory
33	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
34	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory
35	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E	Mailing List
36	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E	Mailing List
37	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E	Mailing List
38	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E	Mailing List
39	https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E	Mailing List
40	https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E	Mailing List
41	https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E	Mailing List
42	https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E	Mailing List
43	https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E	Mailing List
44	https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E	Mailing List
45	https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E	Mailing List
46	https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E	Mailing List
47	https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E	Mailing List
48	https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E	Mailing List
49	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E	Mailing List
50	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E	Mailing List
51	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E	Mailing List
52	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E	Mailing List
53	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	Mailing List
54	https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E	Mailing List
55	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E	Mailing List
56	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E	Mailing List
57	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List Patch
58	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List Patch
59	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E	Mailing List
60	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E	Mailing List
61	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
62	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
63	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E	Mailing List
64	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E	Mailing List
65	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E	Mailing List
66	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E	Mailing List
67	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E	Mailing List
68	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E	Mailing List
69	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
70	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
71	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/	Release Notes
72	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/	Release Notes
73	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/	Release Notes
74	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/	Release Notes
75	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/	Release Notes
76	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/	Release Notes
77	https://seclists.org/bugtraq/2019/Apr/16	Mailing List Patch Third Party Advisory
78	https://seclists.org/bugtraq/2019/Apr/16	Mailing List Patch Third Party Advisory
79	https://seclists.org/bugtraq/2019/Apr/5	Mailing List Third Party Advisory
80	https://seclists.org/bugtraq/2019/Apr/5	Mailing List Third Party Advisory
81	https://security.gentoo.org/glsa/201904-20	Third Party Advisory
82	https://security.gentoo.org/glsa/201904-20	Third Party Advisory
83	https://security.netapp.com/advisory/ntap-20190423-0001/	Third Party Advisory
84	https://security.netapp.com/advisory/ntap-20190423-0001/	Third Party Advisory
85	https://support.f5.com/csp/article/K32957101	Third Party Advisory
86	https://support.f5.com/csp/article/K32957101	Third Party Advisory
87	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us	Third Party Advisory
88	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us	Third Party Advisory
89	https://usn.ubuntu.com/3937-1/	Third Party Advisory
90	https://usn.ubuntu.com/3937-1/	Third Party Advisory
91	https://www.debian.org/security/2019/dsa-4422	Mailing List Third Party Advisory
92	https://www.debian.org/security/2019/dsa-4422	Mailing List Third Party Advisory
93	https://www.exploit-db.com/exploits/46676/	Exploit Third Party Advisory VDB Entry
94	https://www.exploit-db.com/exploits/46676/	Exploit Third Party Advisory VDB Entry
95	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
96	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Third Party Advisory
97	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
98	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
99	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
100	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
101	https://www.synology.com/security/advisory/Synology_SA_19_14	Third Party Advisory
102	https://www.synology.com/security/advisory/Synology_SA_19_14	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

Configuration7	or higher	or less	more than	less than
cpe:2.3:a:redhat:software_collections:1.0:::::::*
cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:::::::*

Configuration8	or higher	or less	more than	less than
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*