7.5

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.28% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://eprint.iacr.org/2003/052/
Vendor Advisory
http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://marc.info/?l=bugtraq&m=104811162730834&w=2
http://marc.info/?l=bugtraq&m=104852637112330&w=2
http://marc.info/?l=bugtraq&m=104878215721135&w=2
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml
http://www.kb.cert.org/vuls/id/888801
Third Party Advisory
US Government Resource
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:035
http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html
http://www.openssl.org/news/secadv_20030319.txt
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
http://www.securityfocus.com/bid/7148
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11586
https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461