CVE

CVE-2003-0131
Date: (C)2003-03-24   (M)2024-02-22


The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
2003-0013
http://marc.info/?l=bugtraq&m=104811162730834&w=2
http://marc.info/?l=bugtraq&m=104852637112330&w=2
http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
20030501-01-I
BID-7148
CLA-2003:625
CSSA-2003-014.0
DSA-288
GLSA-200303-20
IMNX-2003-7+-001-01
MDKSA-2003:035
NetBSD-SA2003-007
OpenPKG-SA-2003.026
RHSA-2003:101
RHSA-2003:102
SuSE-SA:2003:024
VU#888801
http://eprint.iacr.org/2003/052/
http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
http://www.openssl.org/news/secadv_20030319.txt
ssl-premaster-information-leak(11586)

CPE    11
cpe:/a:openssl:openssl:0.9.6e
cpe:/a:openssl:openssl:0.9.6g
cpe:/a:openssl:openssl:0.9.6h
cpe:/a:openssl:openssl:0.9.6i
...
OVAL    1
oval:org.secpod.oval:def:1506549

© SecPod Technologies