| ID |
CVE-2003-0131
|
| Summary |
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 19-10-2018 - 15:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2007-04-25T19:52:32.405-04:00 | | class | vulnerability | | contributors | | name | Jay Beale | | organization | Bastille Linux |
| name | Jay Beale | | organization | Bastille Linux |
| name | Jay Beale | | organization | Bastille Linux |
| name | Thomas R. Jones | | organization | Maitreya Security |
| | description | The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack." | | family | unix | | id | oval:org.mitre.oval:def:461 | | status | accepted | | submitted | 2003-08-11T12:00:00.000-04:00 | | title | Klima-Pokorny-Rosa Attack Vulnerability | | version | 39 |
|
| redhat
via4
|
|
| refmap
via4
|
| bid | 7148 | | bugtraq | - 20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
- 20030324 GLSA: openssl (200303-20)
- 20030327 Immunix Secured OS 7+ openssl update
| | caldera | CSSA-2003-014.0 | | cert-vn | VU#888801 | | conectiva | CLA-2003:625 | | confirm | | | debian | DSA-288 | | engarde | ESA-20030320-010 | | freebsd | FreeBSD-SA-03:06 | | gentoo | GLSA-200303-20 | | immunix | IMNX-2003-7+-001-01 | | mandrake | MDKSA-2003:035 | | misc | | | netbsd | NetBSD-SA2003-007 | | openpkg | OpenPKG-SA-2003.026 | | sgi | 20030501-01-I | | suse | SuSE-SA:2003:024 | | trustix | 2003-0013 | | xf | ssl-premaster-information-leak(11586) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-03-14 | | organization | Red Hat | | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
| Last major update |
19-10-2018 - 15:29 |
| Published |
24-03-2003 - 05:00 |
| Last modified |
19-10-2018 - 15:29 |
