|Category:||Web application abuses|
|Title:||Tenable Nessus < 8.1.1 Multiple Vulnerabilities (tns-2018-16)|
|Summary:||This host is running Nessus and is prone to; multiple vulnerabilities.|
This host is running Nessus and is prone to
Tenable Nessus is affected by multiple vulnerabilities:
- Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library's DSA signature algorithm that renders it vulnerable to a timing side channel attack.
- Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library's Simultaneous Multithreading (SMT) architectures which render it vulnerable to side-channel leakage. This issue is known as 'PortSmash'.
Successful exploitation will allow remote
attackers potentially to recover the private key. They could possibly use this issue to perform a timing side-channel attack and recover private keys.
Nessus versions prior to version 8.1.1.
Upgrade to nessus version 8.1.1 or later.
For updates refer to Reference links.
Common Vulnerability Exposure (CVE) ID: CVE-2018-0734|
Debian Security Information: DSA-4348 (Google Search)
Debian Security Information: DSA-4355 (Google Search)
BugTraq ID: 105758
Common Vulnerability Exposure (CVE) ID: CVE-2018-5407
BugTraq ID: 105897
|Copyright||Copyright (C) 2019 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.