NVD脆弱性詳細

CVE-2014-0076

概要	The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
公表日	2014年3月25日22:25
登録日	2021年1月26日15:04
最終更新日	2024年11月21日11:01

CVSS2.0 : LOW
スコア	1.9
ベクター	AV:L/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl::::::::		1.0.0l
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8y:::::::*
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://advisories.mageia.org/MGASA-2014-0165.html
2	http://advisories.mageia.org/MGASA-2014-0165.html
3	http://eprint.iacr.org/2014/140
4	http://eprint.iacr.org/2014/140
5	http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
6	http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
7	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
8	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
9	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
10	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
11	http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
12	http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
13	http://marc.info/?l=bugtraq&m=140266410314613&w=2
14	http://marc.info/?l=bugtraq&m=140266410314613&w=2
15	http://marc.info/?l=bugtraq&m=140266410314613&w=2
16	http://marc.info/?l=bugtraq&m=140266410314613&w=2
17	http://marc.info/?l=bugtraq&m=140317760000786&w=2
18	http://marc.info/?l=bugtraq&m=140317760000786&w=2
19	http://marc.info/?l=bugtraq&m=140389274407904&w=2
20	http://marc.info/?l=bugtraq&m=140389274407904&w=2
21	http://marc.info/?l=bugtraq&m=140389355508263&w=2
22	http://marc.info/?l=bugtraq&m=140389355508263&w=2
23	http://marc.info/?l=bugtraq&m=140448122410568&w=2
24	http://marc.info/?l=bugtraq&m=140448122410568&w=2
25	http://marc.info/?l=bugtraq&m=140482916501310&w=2
26	http://marc.info/?l=bugtraq&m=140482916501310&w=2
27	http://marc.info/?l=bugtraq&m=140621259019789&w=2
28	http://marc.info/?l=bugtraq&m=140621259019789&w=2
29	http://marc.info/?l=bugtraq&m=140752315422991&w=2
30	http://marc.info/?l=bugtraq&m=140752315422991&w=2
31	http://marc.info/?l=bugtraq&m=140904544427729&w=2
32	http://marc.info/?l=bugtraq&m=140904544427729&w=2
33	http://secunia.com/advisories/58492
34	http://secunia.com/advisories/58492
35	http://secunia.com/advisories/58727
36	http://secunia.com/advisories/58727
37	http://secunia.com/advisories/58939
38	http://secunia.com/advisories/58939
39	http://secunia.com/advisories/59040
40	http://secunia.com/advisories/59040
41	http://secunia.com/advisories/59162
42	http://secunia.com/advisories/59162
43	http://secunia.com/advisories/59175
44	http://secunia.com/advisories/59175
45	http://secunia.com/advisories/59264
46	http://secunia.com/advisories/59264
47	http://secunia.com/advisories/59300
48	http://secunia.com/advisories/59300
49	http://secunia.com/advisories/59364
50	http://secunia.com/advisories/59364
51	http://secunia.com/advisories/59374
52	http://secunia.com/advisories/59374
53	http://secunia.com/advisories/59413
54	http://secunia.com/advisories/59413
55	http://secunia.com/advisories/59438
56	http://secunia.com/advisories/59438
57	http://secunia.com/advisories/59445
58	http://secunia.com/advisories/59445
59	http://secunia.com/advisories/59450
60	http://secunia.com/advisories/59450
61	http://secunia.com/advisories/59454
62	http://secunia.com/advisories/59454
63	http://secunia.com/advisories/59490
64	http://secunia.com/advisories/59490
65	http://secunia.com/advisories/59495
66	http://secunia.com/advisories/59495
67	http://secunia.com/advisories/59514
68	http://secunia.com/advisories/59514
69	http://secunia.com/advisories/59655
70	http://secunia.com/advisories/59655
71	http://secunia.com/advisories/59721
72	http://secunia.com/advisories/59721
73	http://secunia.com/advisories/60571
74	http://secunia.com/advisories/60571
75	http://support.apple.com/kb/HT6443
76	http://support.apple.com/kb/HT6443
77	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
78	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
79	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
80	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
81	http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
82	http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
83	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
84	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
85	http://www.novell.com/support/kb/doc.php?id=7015264
86	http://www.novell.com/support/kb/doc.php?id=7015264
87	http://www.novell.com/support/kb/doc.php?id=7015300
88	http://www.novell.com/support/kb/doc.php?id=7015300
89	http://www.openssl.org/news/secadv_20140605.txt
90	http://www.openssl.org/news/secadv_20140605.txt
91	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
92	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
93	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
94	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
95	http://www.securityfocus.com/bid/66363
96	http://www.securityfocus.com/bid/66363
97	http://www.ubuntu.com/usn/USN-2165-1
98	http://www.ubuntu.com/usn/USN-2165-1
99	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
100	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
101	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
102	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
103	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
104	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
105	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
106	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
107	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
108	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
109	http://www-01.ibm.com/support/docview.wss?uid=swg21676092
110	http://www-01.ibm.com/support/docview.wss?uid=swg21676092
111	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
112	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
113	http://www-01.ibm.com/support/docview.wss?uid=swg21676424
114	http://www-01.ibm.com/support/docview.wss?uid=swg21676424
115	http://www-01.ibm.com/support/docview.wss?uid=swg21676501
116	http://www-01.ibm.com/support/docview.wss?uid=swg21676501
117	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
118	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
119	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
120	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
121	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
122	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
123	https://bugs.gentoo.org/show_bug.cgi?id=505278
124	https://bugs.gentoo.org/show_bug.cgi?id=505278
125	https://bugzilla.novell.com/show_bug.cgi?id=869945
126	https://bugzilla.novell.com/show_bug.cgi?id=869945
127	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
128	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
129	https://kc.mcafee.com/corporate/index?page=content&id=SB10075
130	https://kc.mcafee.com/corporate/index?page=content&id=SB10075

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-310	暗号の問題	https://cwe.mitre.org/data/definitions/310.html

JVN脆弱性情報

OpenSSL のモンゴメリ・ラダーの実装における楕円曲線デジタル署名アルゴリズムのワンタイムトークンを取得される脆弱性

タイトル	OpenSSL のモンゴメリ・ラダーの実装における楕円曲線デジタル署名アルゴリズムのワンタイムトークンを取得される脆弱性
概要	OpenSSL のモンゴメリ・ラダー (Montgomery ladder) の実装は、特定のスワップ操作が一定時間で動作することを確認しないため、楕円曲線デジタル署名アルゴリズム（ECDSA）のワンタイムトークンを取得される脆弱性が存在します。
想定される影響	第三者により、FLUSH+RELOAD キャッシュサイドチャネル攻撃を介して、楕円曲線デジタル署名アルゴリズム（ECDSA）のワンタイムトークンを取得される可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2014年3月12日0:00
登録日	2014年3月26日18:20
最終更新日	2015年6月26日16:18

影響を受けるシステム

オラクル

Oracle VM VirtualBox 3.2.24 未満

Oracle VM VirtualBox 4.0.26 未満

Oracle VM VirtualBox 4.1.34 未満

Oracle VM VirtualBox 4.2.26 未満

Oracle VM VirtualBox 4.3.14 未満

IBM

IBM API Management 3.0 (IBM PureApplication System および XEN)

IBM API Management 3.0 (VMWare)

IBM InfoSphere Master Data Management Patient Hub 10.0

IBM InfoSphere Master Data Management Provider Hub 10.0

IBM InfoSphere Master Data Management Standard/Advanced Edition 11.0

IBM InfoSphere Master Data Management Standard/Advanced Edition 11.3

IBM Initiate Master Data Service 10.0

IBM Initiate Master Data Service 10.1

IBM Initiate Master Data Service 8.5

IBM Initiate Master Data Service 9.0

IBM Initiate Master Data Service 9.2

IBM Initiate Master Data Service 9.5

IBM Initiate Master Data Service 9.7

IBM Initiate Master Data Service Patient Hub 9.5

IBM Initiate Master Data Service Patient Hub 9.7

IBM Initiate Master Data Service Provider Hub 9.5

IBM Initiate Master Data Service Provider Hub 9.7

IBM SDK, for Node.js v1.1.0.2

IBM Security Access Manager for Mobile アプライアンス 8.0

IBM Security Access Manager for Web アプライアンス 7.0

IBM Security Access Manager for Web アプライアンス 8.0

IBM SmartCloud Orchestrator 2.3

IBM SmartCloud Orchestrator 2.3 FP1

IBM SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance

IBM Tivoli Management Framework 4.1.1 (linux-ix86 および linux-s390)

Tivoli Composite Application Manager for Transactions 7.1

Tivoli Composite Application Manager for Transactions 7.2

Tivoli Composite Application Manager for Transactions 7.3

Tivoli Composite Application Manager for Transactions 7.4

OpenSSL Project

OpenSSL 1.0.0l まで

アップル

Apple Mac OS X 10.7.5

Apple Mac OS X 10.8.5

Apple Mac OS X 10.9 から 10.9.4

Apple Mac OS X Server 10.7.5

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0076	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
National Vulnerability Database (NVD)
2	CVE-2014-0076	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	名前	URL
Apple Security Updates
1	HT6443	http://support.apple.com/kb/HT6443
Apple セキュリティアップデート
2	HT6443	http://support.apple.com/kb/HT6443?viewlocale=ja_JP
Bugzilla
3	Bug 869945	https://bugzilla.novell.com/show_bug.cgi?id=869945
Cisco Security Advisory
4	cisco-sa-20140605-openssl	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
Gentoo's Bugzilla
5	Bug 505278	https://bugs.gentoo.org/show_bug.cgi?id=505278
IBM Support Document
6	00001841	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
7	00001843	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
8	1672507	http://www-01.ibm.com/support/docview.wss?uid=swg21672507
9	1673137	http://www-01.ibm.com/support/docview.wss?uid=swg21673137
10	1676035	http://www-01.ibm.com/support/docview.wss?uid=swg21676035
11	1676062	http://www-01.ibm.com/support/docview.wss?uid=swg21676062
12	1676092	http://www-01.ibm.com/support/docview.wss?uid=swg21676092
13	1676419	http://www-01.ibm.com/support/docview.wss?uid=swg21676419
14	1676424	http://www-01.ibm.com/support/docview.wss?uid=swg21676424
15	1676655	http://www-01.ibm.com/support/docview.wss?uid=swg21676655
16	1677695	http://www-01.ibm.com/support/docview.wss?uid=swg21677695
17	1677828	http://www-01.ibm.com/support/docview.wss?uid=swg21677828
Knowledgebase
18	7015264	http://www.novell.com/support/kb/doc.php?id=7015264
19	7015300	http://www.novell.com/support/kb/doc.php?id=7015300
McAfee Security Bulletin
20	SB10075	https://kc.mcafee.com/corporate/index?page=content&id=SB10075
OpenSSL
21	Fix for CVE-2014-0076	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
OpenSSL Security Advisory
22	SSL/TLS MITM vulnerability	https://www.openssl.org/news/secadv_20140605.txt
Oracle
23	OpenSSL Security Bug - Heartbleed / CVE-2014-0160	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
24	Oracle Security Alert for CVE-2014-0160	http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html
Oracle Critical Patch Update
25	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
26	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
27	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
Security Advisory
28	Huawei-SA-20140613-OpenSSL	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
SECURITY BLOG
29	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
30	Multiple vulnerabilities in OpenSSL	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5
シスコセキュリティアドバイザリ
31	cisco-sa-20140605-openssl	http://www.cisco.com/cisco/web/support/JP/112/1122/1122700_cisco-sa-20140605-openssl-j.html

その他

No	名前	URL
JVN
1	JVNVU#93868849	http://jvn.jp/vu/JVNVU93868849/index.html
関連文書
2	MGASA-2014-0165	http://advisories.mageia.org/MGASA-2014-0165.html

変更履歴

No	変更内容	変更日
0	[2014年03月26日] 掲載 [2014年06月26日] ベンダ情報：オラクル (CVE-2014-0076 Cryptographic Issues vulnerability in OpenSSL) を追加 [2014年06月27日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：シスコシステムズ (cisco-sa-20140605-openssl) を追加 [2014年08月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：Huawei (Huawei-SA-20140613-OpenSSL) を追加ベンダ情報：IBM (00001841) を追加ベンダ情報：IBM (00001843) を追加ベンダ情報：IBM (1673137) を追加ベンダ情報：IBM (1676035) を追加ベンダ情報：IBM (1676062) を追加ベンダ情報：IBM (1676419) を追加ベンダ情報：IBM (1676424) を追加ベンダ情報：IBM (1676655) を追加ベンダ情報：IBM (1677695) を追加ベンダ情報：IBM (1677828) を追加ベンダ情報：IBM (1672507) を追加ベンダ情報：Novell (7015264) を追加ベンダ情報：Novell (7015300) を追加ベンダ情報：マカフィー (SB10075) を追加参考情報：関連文書 (MGASA-2014-0165) を追加 [2014年08月11日] ベンダ情報：オラクル (Multiple vulnerabilities in OpenSSL) を追加 [2014年09月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アップル (HT6443) を追加参考情報：JVN (JVNVU#93868849) を追加 [2015年01月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加 [2015年05月08日] ベンダ情報：OpenSSL Project (SSL/TLS MITM vulnerability) を追加 [2015年06月26日] ベンダ情報：IBM (1676092) を追加	2018年2月17日10:37

構成1	以上	以下	より上	未満
cpe:2.3:a:openssl:openssl:0.9.7:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7:beta6::::::
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta2::::::
cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7k:::::::*
cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl::::::::		1.0.0l
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.7m:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta4::::::
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.8y:::::::*
cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*