NVD Vulnerability Detail

CVE-2014-0076

Summary	The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Publication Date	March 25, 2014, 10:25 p.m.
Registration Date	Jan. 26, 2021, 3:04 p.m.
Last Update	Nov. 21, 2024, 11:01 a.m.

CVSS2.0 : LOW
Score	1.9
Vector	AV:L/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl::::::::		1.0.0l
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8y:::::::*
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://advisories.mageia.org/MGASA-2014-0165.html
2	http://advisories.mageia.org/MGASA-2014-0165.html
3	http://eprint.iacr.org/2014/140
4	http://eprint.iacr.org/2014/140
5	http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
6	http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
7	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
8	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
9	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
10	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
11	http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
12	http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
13	http://marc.info/?l=bugtraq&m=140266410314613&w=2
14	http://marc.info/?l=bugtraq&m=140266410314613&w=2
15	http://marc.info/?l=bugtraq&m=140266410314613&w=2
16	http://marc.info/?l=bugtraq&m=140266410314613&w=2
17	http://marc.info/?l=bugtraq&m=140317760000786&w=2
18	http://marc.info/?l=bugtraq&m=140317760000786&w=2
19	http://marc.info/?l=bugtraq&m=140389274407904&w=2
20	http://marc.info/?l=bugtraq&m=140389274407904&w=2
21	http://marc.info/?l=bugtraq&m=140389355508263&w=2
22	http://marc.info/?l=bugtraq&m=140389355508263&w=2
23	http://marc.info/?l=bugtraq&m=140448122410568&w=2
24	http://marc.info/?l=bugtraq&m=140448122410568&w=2
25	http://marc.info/?l=bugtraq&m=140482916501310&w=2
26	http://marc.info/?l=bugtraq&m=140482916501310&w=2
27	http://marc.info/?l=bugtraq&m=140621259019789&w=2
28	http://marc.info/?l=bugtraq&m=140621259019789&w=2
29	http://marc.info/?l=bugtraq&m=140752315422991&w=2
30	http://marc.info/?l=bugtraq&m=140752315422991&w=2
31	http://marc.info/?l=bugtraq&m=140904544427729&w=2
32	http://marc.info/?l=bugtraq&m=140904544427729&w=2
33	http://secunia.com/advisories/58492
34	http://secunia.com/advisories/58492
35	http://secunia.com/advisories/58727
36	http://secunia.com/advisories/58727
37	http://secunia.com/advisories/58939
38	http://secunia.com/advisories/58939
39	http://secunia.com/advisories/59040
40	http://secunia.com/advisories/59040
41	http://secunia.com/advisories/59162
42	http://secunia.com/advisories/59162
43	http://secunia.com/advisories/59175
44	http://secunia.com/advisories/59175
45	http://secunia.com/advisories/59264
46	http://secunia.com/advisories/59264
47	http://secunia.com/advisories/59300
48	http://secunia.com/advisories/59300
49	http://secunia.com/advisories/59364
50	http://secunia.com/advisories/59364
51	http://secunia.com/advisories/59374
52	http://secunia.com/advisories/59374
53	http://secunia.com/advisories/59413
54	http://secunia.com/advisories/59413
55	http://secunia.com/advisories/59438
56	http://secunia.com/advisories/59438
57	http://secunia.com/advisories/59445
58	http://secunia.com/advisories/59445
59	http://secunia.com/advisories/59450
60	http://secunia.com/advisories/59450
61	http://secunia.com/advisories/59454
62	http://secunia.com/advisories/59454
63	http://secunia.com/advisories/59490
64	http://secunia.com/advisories/59490
65	http://secunia.com/advisories/59495
66	http://secunia.com/advisories/59495
67	http://secunia.com/advisories/59514
68	http://secunia.com/advisories/59514
69	http://secunia.com/advisories/59655
70	http://secunia.com/advisories/59655
71	http://secunia.com/advisories/59721
72	http://secunia.com/advisories/59721
73	http://secunia.com/advisories/60571
74	http://secunia.com/advisories/60571
75	http://support.apple.com/kb/HT6443
76	http://support.apple.com/kb/HT6443
77	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
78	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
79	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
80	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
81	http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
82	http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
83	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
84	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
85	http://www.novell.com/support/kb/doc.php?id=7015264
86	http://www.novell.com/support/kb/doc.php?id=7015264
87	http://www.novell.com/support/kb/doc.php?id=7015300
88	http://www.novell.com/support/kb/doc.php?id=7015300
89	http://www.openssl.org/news/secadv_20140605.txt
90	http://www.openssl.org/news/secadv_20140605.txt
91	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
92	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
93	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
94	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
95	http://www.securityfocus.com/bid/66363
96	http://www.securityfocus.com/bid/66363
97	http://www.ubuntu.com/usn/USN-2165-1
98	http://www.ubuntu.com/usn/USN-2165-1
99	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
100	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
101	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
102	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
103	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
104	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
105	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
106	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
107	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
108	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
109	http://www-01.ibm.com/support/docview.wss?uid=swg21676092
110	http://www-01.ibm.com/support/docview.wss?uid=swg21676092
111	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
112	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
113	http://www-01.ibm.com/support/docview.wss?uid=swg21676424
114	http://www-01.ibm.com/support/docview.wss?uid=swg21676424
115	http://www-01.ibm.com/support/docview.wss?uid=swg21676501
116	http://www-01.ibm.com/support/docview.wss?uid=swg21676501
117	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
118	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
119	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
120	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
121	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
122	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
123	https://bugs.gentoo.org/show_bug.cgi?id=505278
124	https://bugs.gentoo.org/show_bug.cgi?id=505278
125	https://bugzilla.novell.com/show_bug.cgi?id=869945
126	https://bugzilla.novell.com/show_bug.cgi?id=869945
127	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
128	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
129	https://kc.mcafee.com/corporate/index?page=content&id=SB10075
130	https://kc.mcafee.com/corporate/index?page=content&id=SB10075

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-310	暗号の問題	https://cwe.mitre.org/data/definitions/310.html

JVN Vulnerability Information

OpenSSL のモンゴメリ・ラダーの実装における楕円曲線デジタル署名アルゴリズムのワンタイムトークンを取得される脆弱性

Title	OpenSSL のモンゴメリ・ラダーの実装における楕円曲線デジタル署名アルゴリズムのワンタイムトークンを取得される脆弱性
Summary	OpenSSL のモンゴメリ・ラダー (Montgomery ladder) の実装は、特定のスワップ操作が一定時間で動作することを確認しないため、楕円曲線デジタル署名アルゴリズム（ECDSA）のワンタイムトークンを取得される脆弱性が存在します。
Possible impacts	第三者により、FLUSH+RELOAD キャッシュサイドチャネル攻撃を介して、楕円曲線デジタル署名アルゴリズム（ECDSA）のワンタイムトークンを取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 12, 2014, midnight
Registration Date	March 26, 2014, 6:20 p.m.
Last Update	June 26, 2015, 4:18 p.m.

Affected System

オラクル

Oracle VM VirtualBox 3.2.24 未満

Oracle VM VirtualBox 4.0.26 未満

Oracle VM VirtualBox 4.1.34 未満

Oracle VM VirtualBox 4.2.26 未満

Oracle VM VirtualBox 4.3.14 未満

IBM

IBM API Management 3.0 (IBM PureApplication System および XEN)

IBM API Management 3.0 (VMWare)

IBM InfoSphere Master Data Management Patient Hub 10.0

IBM InfoSphere Master Data Management Provider Hub 10.0

IBM InfoSphere Master Data Management Standard/Advanced Edition 11.0

IBM InfoSphere Master Data Management Standard/Advanced Edition 11.3

IBM Initiate Master Data Service 10.0

IBM Initiate Master Data Service 10.1

IBM Initiate Master Data Service 8.5

IBM Initiate Master Data Service 9.0

IBM Initiate Master Data Service 9.2

IBM Initiate Master Data Service 9.5

IBM Initiate Master Data Service 9.7

IBM Initiate Master Data Service Patient Hub 9.5

IBM Initiate Master Data Service Patient Hub 9.7

IBM Initiate Master Data Service Provider Hub 9.5

IBM Initiate Master Data Service Provider Hub 9.7

IBM SDK, for Node.js v1.1.0.2

IBM Security Access Manager for Mobile アプライアンス 8.0

IBM Security Access Manager for Web アプライアンス 7.0

IBM Security Access Manager for Web アプライアンス 8.0

IBM SmartCloud Orchestrator 2.3

IBM SmartCloud Orchestrator 2.3 FP1

IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance

IBM Tivoli Management Framework 4.1.1 (linux-ix86 および linux-s390)

Tivoli Composite Application Manager for Transactions 7.1

Tivoli Composite Application Manager for Transactions 7.2

Tivoli Composite Application Manager for Transactions 7.3

Tivoli Composite Application Manager for Transactions 7.4

OpenSSL Project

OpenSSL 1.0.0l まで

アップル

Apple Mac OS X 10.7.5

Apple Mac OS X 10.8.5

Apple Mac OS X 10.9 から 10.9.4

Apple Mac OS X Server 10.7.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0076	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
National Vulnerability Database (NVD)
2	CVE-2014-0076	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT6443	http://support.apple.com/kb/HT6443
Apple セキュリティアップデート
2	HT6443	http://support.apple.com/kb/HT6443?viewlocale=ja_JP
Bugzilla
3	Bug 869945	https://bugzilla.novell.com/show_bug.cgi?id=869945
Cisco Security Advisory
4	cisco-sa-20140605-openssl	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
Gentoo's Bugzilla
5	Bug 505278	https://bugs.gentoo.org/show_bug.cgi?id=505278
IBM Support Document
6	00001841	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
7	00001843	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
8	1672507	http://www-01.ibm.com/support/docview.wss?uid=swg21672507
9	1673137	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
10	1676035	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
11	1676062	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
12	1676092	http://www-01.ibm.com/support/docview.wss?uid=swg21676092
13	1676419	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
14	1676424	http://www-01.ibm.com/support/docview.wss?uid=swg21676424
15	1676655	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
16	1677695	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
17	1677828	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
Knowledgebase
18	7015264	http://www.novell.com/support/kb/doc.php?id=7015264
19	7015300	http://www.novell.com/support/kb/doc.php?id=7015300
McAfee Security Bulletin
20	SB10075	https://kc.mcafee.com/corporate/index?page=content&id=SB10075
OpenSSL
21	Fix for CVE-2014-0076	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
OpenSSL Security Advisory
22	SSL/TLS MITM vulnerability	https://www.openssl.org/news/secadv_20140605.txt
Oracle
23	OpenSSL Security Bug - Heartbleed / CVE-2014-0160	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
24	Oracle Security Alert for CVE-2014-0160	http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html
Oracle Critical Patch Update
25	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
26	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
27	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
Security Advisory
28	Huawei-SA-20140613-OpenSSL	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
SECURITY BLOG
29	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
30	Multiple vulnerabilities in OpenSSL	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5
シスコセキュリティアドバイザリ
31	cisco-sa-20140605-openssl	http://www.cisco.com/cisco/web/support/JP/112/1122/1122700_cisco-sa-20140605-openssl-j.html

その他

No	Name	URL
JVN
1	JVNVU#93868849	http://jvn.jp/vu/JVNVU93868849/index.html
関連文書
2	MGASA-2014-0165	http://advisories.mageia.org/MGASA-2014-0165.html

Change Log

No	Changed Details	Date of change
0	[2014年03月26日] 掲載 [2014年06月26日] ベンダ情報：オラクル (CVE-2014-0076 Cryptographic Issues vulnerability in OpenSSL) を追加 [2014年06月27日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：シスコシステムズ (cisco-sa-20140605-openssl) を追加 [2014年08月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：Huawei (Huawei-SA-20140613-OpenSSL) を追加ベンダ情報：IBM (00001841) を追加ベンダ情報：IBM (00001843) を追加ベンダ情報：IBM (1673137) を追加ベンダ情報：IBM (1676035) を追加ベンダ情報：IBM (1676062) を追加ベンダ情報：IBM (1676419) を追加ベンダ情報：IBM (1676424) を追加ベンダ情報：IBM (1676655) を追加ベンダ情報：IBM (1677695) を追加ベンダ情報：IBM (1677828) を追加ベンダ情報：IBM (1672507) を追加ベンダ情報：Novell (7015264) を追加ベンダ情報：Novell (7015300) を追加ベンダ情報：マカフィー (SB10075) を追加参考情報：関連文書 (MGASA-2014-0165) を追加 [2014年08月11日] ベンダ情報：オラクル (Multiple vulnerabilities in OpenSSL) を追加 [2014年09月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アップル (HT6443) を追加参考情報：JVN (JVNVU#93868849) を追加 [2015年01月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加 [2015年05月08日] ベンダ情報：OpenSSL Project (SSL/TLS MITM vulnerability) を追加 [2015年06月26日] ベンダ情報：IBM (1676092) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl::::::::		1.0.0l
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8y:::::::*
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*