6.4
CVE-2007-5502
- EPSS 2.31%
- Veröffentlicht 01.12.2007 06:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:17
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSL ≫ Fips Object Module Version1.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.31% | 0.812 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
http://secunia.com/advisories/27859
http://www.kb.cert.org/vuls/id/150249
http://www.openssl.org/news/secadv_20071129.txt
http://www.securityfocus.com/bid/26652
http://www.securitytracker.com/id?1019029
http://www.vupen.com/english/advisories/2007/4044
https://exchange.xforce.ibmcloud.com/vulnerabilities/38796