NVD脆弱性詳細

CVE-2019-1559

概要	If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
公表日	2019年2月28日8:29
登録日	2021年1月26日10:40
最終更新日	2024年11月21日13:36

CVSS3.1 : MEDIUM
スコア	5.9
ベクター	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:openssl:openssl::::::::		1.0.2			1.0.2r

構成2	以上	以下	より上	未満
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

構成3	以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:netapp:hyper_converged_infrastructure:-:::::::*
cpe:2.3:a:netapp:cloud_backup:-:::::::*
cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:snapdrive:-:::::unix::
cpe:2.3:a:netapp:snapcenter:-:::::::*
cpe:2.3:a:netapp:storage_automation_store:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy:-:::::::*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
cpe:2.3:a:netapp:oncommand_unified_manager:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:storagegrid:-:::::::*
cpe:2.3:a:netapp:storagegrid::::::::	9.0.0	9.0.4
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
cpe:2.3:a:netapp:oncommand_unified_manager:-:::::vsphere::
cpe:2.3:a:netapp:service_processor:-:::::::*
cpe:2.3:a:netapp:smi-s_provider:-:::::::*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:::::::*
cpe:2.3:a:netapp:snapdrive:-:::::windows::
cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*	7.3
cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*	9.5
cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:snapprotect:-:::::::*
cpe:2.3:h:netapp:hci_compute_node:-:::::::*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:altavault:-:::::::*

構成5	以上	以下	より上	未満
cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::	5.0.0	5.1.0
cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:::::::*
cpe:2.3:a:f5:big-iq_centralized_management::::::::	6.0.0	6.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_analytics::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_analytics::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_analytics::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_link_controller::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_link_controller::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_link_controller::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_domain_name_system::::::::	12.1.0	12.1.5
cpe:2.3:a:f5:big-ip_domain_name_system::::::::	13.0.0	13.1.3
cpe:2.3:a:f5:big-ip_domain_name_system::::::::	14.0.0	14.1.2
cpe:2.3:a:f5:big-ip_access_policy_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_analytics::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_application_security_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_domain_name_system::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_edge_gateway::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_link_controller::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-ip_webaccelerator::::::::	15.0.0	15.1.0
cpe:2.3:a:f5:big-iq_centralized_management::::::::	7.0.0	7.1.0

構成6		以上	以下	より上	未満
cpe:2.3:a:tenable:nessus::::::::			8.2.3

構成7	以上	以下	より上	未満
cpe:2.3:o:opensuse:leap:42.3:::::::*
cpe:2.3:o:opensuse:leap:15.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*

構成8		以上	以下	より上	未満
cpe:2.3:o:netapp:cn1610_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:cn1610:-:::::::*

構成9		以上	以下	より上	未満
cpe:2.3:o:netapp:a320_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:a320:-:::::::*

構成10		以上	以下	より上	未満
cpe:2.3:o:netapp:c190_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:c190:-:::::::*

構成11		以上	以下	より上	未満
cpe:2.3:o:netapp:a220_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:a220:-:::::::*

構成12		以上	以下	より上	未満
cpe:2.3:o:netapp:fas2720_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:fas2720:-:::::::*

構成13		以上	以下	より上	未満
cpe:2.3:o:netapp:fas2750_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:fas2750:-:::::::*

構成14		以上	以下	より上	未満
cpe:2.3:o:netapp:a800_firmware:-:::::::*
実行環境
1	cpe:2.3:h:netapp:a800:-:::::::*

構成15	以上	以下	より上	未満
cpe:2.3:o:fedoraproject:fedora:29:::::::*
cpe:2.3:o:fedoraproject:fedora:30:::::::*
cpe:2.3:o:fedoraproject:fedora:31:::::::*

構成16	以上	以下	より上	未満
cpe:2.3:a:mcafee:data_exchange_layer::::::::	4.0.0			6.0.0
cpe:2.3:a:mcafee:agent::::::::	5.6.0	5.6.4
cpe:2.3:a:mcafee:threat_intelligence_exchange_server::::::::	2.0.0			3.0.0
cpe:2.3:a:mcafee:web_gateway::::::::	7.0.0			9.0.0

構成17		以上	以下	より上	未満
cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:::::::*
実行環境
1	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
2	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
3	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

構成18		以上	以下	より上	未満
cpe:2.3:a:redhat:virtualization:4.0:::::::*
cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
実行環境
1	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

構成19	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

構成20	以上	以下	より上	未満
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:::::::*
cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0::::enterprise:::
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:mysql::::::::	5.7.0	5.7.25
cpe:2.3:a:oracle:mysql::::::::	8.0.0	8.0.15
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
cpe:2.3:a:oracle:mysql::::::::	5.6.0	5.6.43
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:::::::*
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:7.4:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:8.2:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:8.3:::::::*
cpe:2.3:a:oracle:communications_session_router:7.4:::::::*
cpe:2.3:a:oracle:communications_session_router:8.0:::::::*
cpe:2.3:a:oracle:communications_session_router:8.1:::::::*
cpe:2.3:a:oracle:communications_session_router:8.2:::::::*
cpe:2.3:a:oracle:communications_session_router:8.3:::::::*
cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:::::::*
cpe:2.3:a:oracle:endeca_server:7.7.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:::::::*
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::		4.0.8
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::	8.0.0	8.0.14
cpe:2.3:a:oracle:mysql_workbench::::::::		8.0.16
cpe:2.3:a:oracle:services_tools_bundle:19.2:::::::*
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:::::::*

構成21	以上	以下	より上	未満
cpe:2.3:o:paloaltonetworks:pan-os::::::::	8.0.0			8.0.20
cpe:2.3:o:paloaltonetworks:pan-os::::::::	8.1.0			8.1.8
cpe:2.3:o:paloaltonetworks:pan-os::::::::	9.0.0			9.0.2
cpe:2.3:o:paloaltonetworks:pan-os::::::::	7.1.0			7.1.15

構成22	以上	以下	より上	未満
cpe:2.3:a:nodejs:node.js:::::-:::*	6.0.0	6.8.1
cpe:2.3:a:nodejs:node.js:::::-:::*	8.0.0	8.8.1
cpe:2.3:a:nodejs:node.js:::::lts:::*	6.9.0			6.17.0
cpe:2.3:a:nodejs:node.js:::::lts:::*	8.9.0			8.15.1

関連情報、対策とツール

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html	Mailing List Third Party Advisory
13	http://www.securityfocus.com/bid/107174	Third Party Advisory VDB Entry
14	http://www.securityfocus.com/bid/107174	Third Party Advisory VDB Entry
15	https://access.redhat.com/errata/RHSA-2019:2304	Third Party Advisory
16	https://access.redhat.com/errata/RHSA-2019:2304	Third Party Advisory
17	https://access.redhat.com/errata/RHSA-2019:2437	Third Party Advisory
18	https://access.redhat.com/errata/RHSA-2019:2437	Third Party Advisory
19	https://access.redhat.com/errata/RHSA-2019:2439	Third Party Advisory
20	https://access.redhat.com/errata/RHSA-2019:2439	Third Party Advisory
21	https://access.redhat.com/errata/RHSA-2019:2471	Third Party Advisory
22	https://access.redhat.com/errata/RHSA-2019:2471	Third Party Advisory
23	https://access.redhat.com/errata/RHSA-2019:3929	Third Party Advisory
24	https://access.redhat.com/errata/RHSA-2019:3929	Third Party Advisory
25	https://access.redhat.com/errata/RHSA-2019:3931	Third Party Advisory
26	https://access.redhat.com/errata/RHSA-2019:3931	Third Party Advisory
27	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
28	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
29	https://kc.mcafee.com/corporate/index?page=content&id=SB10282	Third Party Advisory
30	https://kc.mcafee.com/corporate/index?page=content&id=SB10282	Third Party Advisory
31	https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html	Mailing List Third Party Advisory
32	https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html	Mailing List Third Party Advisory
33	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
34	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
35	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
36	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
37	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
38	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
39	https://security.gentoo.org/glsa/201903-10	Third Party Advisory
40	https://security.gentoo.org/glsa/201903-10	Third Party Advisory
41	https://security.netapp.com/advisory/ntap-20190301-0001/	Patch Third Party Advisory
42	https://security.netapp.com/advisory/ntap-20190301-0001/	Patch Third Party Advisory
43	https://security.netapp.com/advisory/ntap-20190301-0002/	Broken Link Third Party Advisory
44	https://security.netapp.com/advisory/ntap-20190301-0002/	Broken Link Third Party Advisory
45	https://security.netapp.com/advisory/ntap-20190423-0002/	Third Party Advisory
46	https://security.netapp.com/advisory/ntap-20190423-0002/	Third Party Advisory
47	https://support.f5.com/csp/article/K18549143	Third Party Advisory
48	https://support.f5.com/csp/article/K18549143	Third Party Advisory
49	https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS
50	https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS
51	https://usn.ubuntu.com/3899-1/	Third Party Advisory
52	https://usn.ubuntu.com/3899-1/	Third Party Advisory
53	https://usn.ubuntu.com/4376-2/	Broken Link
54	https://usn.ubuntu.com/4376-2/	Broken Link
55	https://www.debian.org/security/2019/dsa-4400	Third Party Advisory
56	https://www.debian.org/security/2019/dsa-4400	Third Party Advisory
57	https://www.openssl.org/news/secadv/20190226.txt	Vendor Advisory
58	https://www.openssl.org/news/secadv/20190226.txt	Vendor Advisory
59	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
60	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
61	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
62	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
63	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
64	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory
65	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
66	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Third Party Advisory
67	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
68	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
69	https://www.tenable.com/security/tns-2019-02	Patch Third Party Advisory
70	https://www.tenable.com/security/tns-2019-02	Patch Third Party Advisory
71	https://www.tenable.com/security/tns-2019-03	Third Party Advisory
72	https://www.tenable.com/security/tns-2019-03	Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-203	セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい	https://cwe.mitre.org/data/definitions/203.html

JVN脆弱性情報

OpenSSL における情報漏えいに関する脆弱性

タイトル	OpenSSL における情報漏えいに関する脆弱性
概要	OpenSSL には、情報漏えいに関する脆弱性が存在します。
想定される影響	情報を取得される可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2019年2月26日0:00
登録日	2019年4月2日17:10
最終更新日	2021年7月15日15:04

影響を受けるシステム

OpenSSL Project

OpenSSL 1.0.2 から 1.0.2q

日立

Cosminexus HTTP Server

Job Management System Partern 1/Automatic Job Management System 3 - Web Operation Assistant

JP1/Automatic Job Management System 3 - Manager

JP1/Automatic Job Management System 3 - Web Operation Assistant

JP1/Automatic Operation

JP1/Data Highway - Server

JP1/Data Highway - Server Starter Edition

JP1/IT Desktop Management 2 - Smart Device Manager

JP1/Operations Analytics

JP1/Performance Management - Manager

JP1/SNMP System Observer

uCosminexus Application Server

uCosminexus Application Server (64)

uCosminexus Application Server -R

uCosminexus Developer

uCosminexus Primary Server Base

uCosminexus Primary Server Base(64)

uCosminexus Service Architect

uCosminexus Service Platform

uCosminexus Service Platform (64)

Debian

Debian GNU/Linux

Canonical

Ubuntu

NetApp

Element Software

NetApp Hyper Converged Infrastructure

NetApp StorageGRID Webscale

OnCommand Unified Manager

OnCommand Workflow Automation

ONTAP Select Deploy

ONTAP Select Deploy administration utility

SANtricity SMI-S Provider

SnapDrive

SteelStore Cloud Integrated Storage

openSUSE project

openSUSE Leap

F5 Networks

Traffix SDC

Tenable, Inc.

Nessus

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2019-1559	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
National Vulnerability Database (NVD)
2	CVE-2019-1559	https://nvd.nist.gov/vuln/detail/CVE-2019-1559

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	名前	URL
Debian
1	[SECURITY] [DLA 1701-1] openssl security update	https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
Debian Security Advisory
2	DSA-4400	https://www.debian.org/security/2019/dsa-4400
Git
3	Go into the error state if a fatal alert is sent or received	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
Hitachi Software Vulnerability Information
4	hitachi-sec-2019-112	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-112/index.html
5	hitachi-sec-2019-132	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-132/index.html
6	hitachi-sec-2021-121	https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-121/index.html
NetApp Advisory
7	NTAP-20190301-0001	https://security.netapp.com/advisory/ntap-20190301-0001/
OpenSSL Security Advisory
8	0-byte record padding oracle (CVE-2019-1559)	https://www.openssl.org/news/secadv/20190226.txt
opensuse-security-announce
9	openSUSE-SU-2019:1076-1	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
Security Advisory
10	K18549143	https://support.f5.com/csp/article/K18549143
Tenable Network Security
11	TNS-2019-02	https://www.tenable.com/security/tns-2019-02
Ubuntu Security Notice
12	USN-3899-1	https://usn.ubuntu.com/3899-1/
ソフトウェア製品セキュリティ情報
13	hitachi-sec-2019-112	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-112/index.html
14	hitachi-sec-2019-132	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-132/index.html
15	hitachi-sec-2021-121	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2021-121/index.html

変更履歴

No	変更内容	変更日
3	[2019年12月26日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：Hitachi Software Vulnerability Information (hitachi-sec-2019-132) を追加ベンダ情報：ソフトウェア製品セキュリティ情報 (hitachi-sec-2019-132) を追加	2019年12月26日15:04
1	[2019年04月02日] 掲載	2019年12月26日15:06
2	[2019年06月03日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：Hitachi Software Vulnerability Information (hitachi-sec-2019-112) を追加ベンダ情報：ソフトウェア製品セキュリティ情報 (hitachi-sec-2019-112) を追加	2019年12月26日15:06
4	[2021年07月15日] 影響を受けるシステム：ベンダ情報 (hitachi-sec-2021-121) の更新に伴い内容を更新ベンダ情報：日立 (hitachi-sec-2021-121) を追加	2021年7月15日14:23

構成4	以上	以下	より上	未満
cpe:2.3:a:netapp:hyper_converged_infrastructure:-:::::::*
cpe:2.3:a:netapp:cloud_backup:-:::::::*
cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:snapdrive:-:::::unix::
cpe:2.3:a:netapp:snapcenter:-:::::::*
cpe:2.3:a:netapp:storage_automation_store:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy:-:::::::*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
cpe:2.3:a:netapp:oncommand_unified_manager:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:storagegrid:-:::::::*
cpe:2.3:a:netapp:storagegrid::::::::	9.0.0	9.0.4
cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
cpe:2.3:a:netapp:oncommand_unified_manager:-:::::vsphere::
cpe:2.3:a:netapp:service_processor:-:::::::*
cpe:2.3:a:netapp:smi-s_provider:-:::::::*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:::::::*
cpe:2.3:a:netapp:snapdrive:-:::::windows::
cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*	7.3
cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*	9.5
cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:snapprotect:-:::::::*
cpe:2.3:h:netapp:hci_compute_node:-:::::::*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:altavault:-:::::::*

構成19	以上	以下	より上	未満
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

構成20	以上	以下	より上	未満
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:::::::*
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:::::::*
cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0::::enterprise:::
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:mysql::::::::	5.7.0	5.7.25
cpe:2.3:a:oracle:mysql::::::::	8.0.0	8.0.15
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
cpe:2.3:a:oracle:mysql::::::::	5.6.0	5.6.43
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:::::::*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:::::::*
cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:7.4:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:8.2:::::::*
cpe:2.3:a:oracle:communications_session_border_controller:8.3:::::::*
cpe:2.3:a:oracle:communications_session_router:7.4:::::::*
cpe:2.3:a:oracle:communications_session_router:8.0:::::::*
cpe:2.3:a:oracle:communications_session_router:8.1:::::::*
cpe:2.3:a:oracle:communications_session_router:8.2:::::::*
cpe:2.3:a:oracle:communications_session_router:8.3:::::::*
cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:::::::*
cpe:2.3:a:oracle:endeca_server:7.7.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:::::::*
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::		4.0.8
cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::	8.0.0	8.0.14
cpe:2.3:a:oracle:mysql_workbench::::::::		8.0.16
cpe:2.3:a:oracle:services_tools_bundle:19.2:::::::*
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:::::::*