7.5

CVE-2003-0131

EPSS 16.27%
Published 24.03.2003 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Affected products Warnungen 0 Metrics 2 CWE 0 References 26

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version0.9.6

OpenSSL ≫ OpenSSL Version0.9.6a

OpenSSL ≫ OpenSSL Version0.9.6b

OpenSSL ≫ OpenSSL Version0.9.6c

OpenSSL ≫ OpenSSL Version0.9.6d

OpenSSL ≫ OpenSSL Version0.9.6e

OpenSSL ≫ OpenSSL Version0.9.6g

OpenSSL ≫ OpenSSL Version0.9.6h

OpenSSL ≫ OpenSSL Version0.9.6i

OpenSSL ≫ OpenSSL Version0.9.7

OpenSSL ≫ OpenSSL Version0.9.7a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	16.27%	0.946

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625

http://eprint.iacr.org/2003/052/

Vendor Advisory

http://lists.apple.com/mhonarc/security-announce/msg00028.html

http://marc.info/?l=bugtraq&m=104811162730834&w=2

http://marc.info/?l=bugtraq&m=104852637112330&w=2

http://marc.info/?l=bugtraq&m=104878215721135&w=2

http://www.debian.org/security/2003/dsa-288

http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml

http://www.kb.cert.org/vuls/id/888801

Third Party Advisory

US Government Resource

http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:035

http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html

http://www.openssl.org/news/secadv_20030319.txt

http://www.redhat.com/support/errata/RHSA-2003-101.html

http://www.redhat.com/support/errata/RHSA-2003-102.html

http://www.securityfocus.com/archive/1/316577/30/25310/threaded

http://www.securityfocus.com/bid/7148

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/11586

https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461

https://nvd.nist.gov/vuln/detail/CVE-2003-0131

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0131

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0131

EUVD