9.8

CVE-2011-4121

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version >= 1.8.7.334 < 1.9.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.53% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://www.openwall.com/lists/oss-security/2013/07/01/1
Third Party Advisory
Mailing List
https://access.redhat.com/security/cve/cve-2011-4121
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121
Third Party Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2011-4121
Third Party Advisory