var-200303-0118
Vulnerability from variot
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack.". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]
Klima-Pokorny-Rosa attack on RSA in SSL/TLS
Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Note that the server's RSA key is not compromised in this attack. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
Security Patch
The following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i, 0.9.7, and 0.9.7a.
--- s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 +++ s3_srvr.c 19 Mar 2003 18:00:00 -0000 @@ -1447,7 +1447,7 @@ if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); / }
if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
@@ -1463,30 +1463,29 @@ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + / SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); / + + / The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (https://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. / + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; } }
if (al != -1)
{
-#if 0 - goto f_err; -#else / Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - / + * (see RFC 2246, section 7.4.7.1). / ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); / should be RAND_bytes, but we cannot work around a failure */ -#endif }
s->session->master_key_length=
References
Report "Attacking RSA-based Sessions in SSL/TLS" by V. Klima, O. Pokorny, and T. Rosa: https://eprint.iacr.org/2003/052/
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0131 to this issue. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131
URL for this Security Advisory: https://www.openssl.org/news/secadv_20030319.txt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0118", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple computer", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "conectiva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnu tls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "guardian digital", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ingrian", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mirapoint", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sgi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sorceror linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wirex", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "esoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mod ssl", "version": null }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "0.9.7a" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.2" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.1.7.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.1.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.2" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.4" }, { "model": "cobalt raq4", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "cobalt raq550", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "cobalt raqxtr", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "6.5" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "7" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "8" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.00" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.20" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.22" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.2" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.1" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.2" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.3" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "9" }, { "model": "cobalt raq xtr", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cobalt raq", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "550" }, { "model": "cobalt raq", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4" }, { "model": "cobalt qube", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3" }, { "model": "irix", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "open server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "5.0.7" }, { "model": "open server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "5.0.6" }, { "model": "open server", "scope": "eq", "trust": 0.3, "vendor": "sco", "version": "5.0.5" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.3" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "oracle9i application server .1s", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.4" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.3" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.2" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.1" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.0" }, { "model": "big-ip blade controller ptf-01", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2.3" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "associates etrust security command center", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "1.0" }, { "model": "tru64 b", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.1" }, { "model": "tru64 a", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.1" }, { "model": "tru64", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.1" }, { "model": "tru64 a", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.0" }, { "model": "tru64 g", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "4.0" }, { "model": "tru64 f", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "4.0" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.3" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.3" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2.1" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2-2" }, { "model": "openvms -1h2 alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms -1h1 alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.1-2" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.1" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.1" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "6.2" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "6.2" }, { "model": "openvms", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "6.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.2" }, { "model": "project openssl b", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "hp-ux apache-based web server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.0.07.01" }, { "model": "hp-ux apache-based web server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.0.03.01" }, { "model": "apache-based web server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.3.27.02" }, { "model": "transport layer security library", "scope": "ne", "trust": 0.3, "vendor": "gnu", "version": "0.8.5" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.2.5" } ], "sources": [ { "db": "CERT/CC", "id": "VU#888801" }, { "db": "BID", "id": "7148" }, { "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "db": "NVD", "id": "CVE-2003-0131" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0131" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.", "sources": [ { "db": "BID", "id": "7148" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ], "trust": 0.9 }, "cve": "CVE-2003-0131", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2003-0131", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2003-0131", "trust": 1.8, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#888801", "trust": 0.8, "value": "4.05" }, { "author": "CNNVD", "id": "CNNVD-200303-076", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#888801" }, { "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "db": "NVD", "id": "CVE-2003-0131" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application\u0027s private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003]\n\nKlima-Pokorny-Rosa attack on RSA in SSL/TLS\n===========================================\n\nCzech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa\nhave come up with an extension of the \"Bleichenbacher attack\" on RSA\nwith PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. \nNote that the server\u0027s RSA key is not compromised in this attack. \nOpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed\npatch modifies SSL/TLS server behaviour to avoid the vulnerability. \n\n\nSecurity Patch\n--------------\n\nThe following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i,\n0.9.7, and 0.9.7a. \n\n--- s3_srvr.c\t29 Nov 2002 11:31:51 -0000\t1.85.2.14\n+++ s3_srvr.c\t19 Mar 2003 18:00:00 -0000\n@@ -1447,7 +1447,7 @@\n \t\tif (i != SSL_MAX_MASTER_KEY_LENGTH)\n \t\t\t{\n \t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);\n+\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */\n \t\t\t}\n \n \t\tif ((al == -1) \u0026\u0026 !((p[0] == (s-\u003eclient_version\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eclient_version \u0026 0xff))))\n@@ -1463,30 +1463,29 @@\n \t\t\t\t(p[0] == (s-\u003eversion\u003e\u003e8)) \u0026\u0026 (p[1] == (s-\u003eversion \u0026 0xff))))\n \t\t\t\t{\n \t\t\t\tal=SSL_AD_DECODE_ERROR;\n-\t\t\t\tSSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);\n-\t\t\t\tgoto f_err;\n+\t\t\t\t/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */\n+\n+\t\t\t\t/* The Klima-Pokorny-Rosa extension of Bleichenbacher\u0027s attack\n+\t\t\t\t * (https://eprint.iacr.org/2003/052/) exploits the version\n+\t\t\t\t * number check as a \"bad version oracle\" -- an alert would\n+\t\t\t\t * reveal that the plaintext corresponding to some ciphertext\n+\t\t\t\t * made up by the adversary is properly formatted except\n+\t\t\t\t * that the version number is wrong. To avoid such attacks,\n+\t\t\t\t * we should treat this just like any other decryption error. */\n+\t\t\t\tp[0] = (char)(int) \"CAN-2003-0131 patch 2003-03-19\";\n \t\t\t\t}\n \t\t\t}\n \n \t\tif (al != -1)\n \t\t\t{\n-#if 0\n-\t\t\tgoto f_err;\n-#else\n \t\t\t/* Some decryption failure -- use random value instead as countermeasure\n \t\t\t * against Bleichenbacher\u0027s attack on PKCS #1 v1.5 RSA padding\n-\t\t\t * (see RFC 2246, section 7.4.7.1). \n-\t\t\t * But note that due to length and protocol version checking, the\n-\t\t\t * attack is impractical anyway (see section 5 in D. Bleichenbacher:\n-\t\t\t * \"Chosen Ciphertext Attacks Against Protocols Based on the RSA\n-\t\t\t * Encryption Standard PKCS #1\", CRYPTO \u002798, LNCS 1462, pp. 1-12). \n-\t\t\t */\n+\t\t\t * (see RFC 2246, section 7.4.7.1). */\n \t\t\tERR_clear_error();\n \t\t\ti = SSL_MAX_MASTER_KEY_LENGTH;\n \t\t\tp[0] = s-\u003eclient_version \u003e\u003e 8;\n \t\t\tp[1] = s-\u003eclient_version \u0026 0xff;\n \t\t\tRAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */\n-#endif\n \t\t\t}\n \t\n \t\ts-\u003esession-\u003emaster_key_length=\n\n\nReferences\n----------\n\nReport \"Attacking RSA-based Sessions in SSL/TLS\" by V. Klima, O. Pokorny,\nand T. Rosa:\nhttps://eprint.iacr.org/2003/052/\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2003-0131 to this issue. \nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20030319.txt\n", "sources": [ { "db": "NVD", "id": "CVE-2003-0131" }, { "db": "CERT/CC", "id": "VU#888801" }, { "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "db": "BID", "id": "7148" }, { "db": "PACKETSTORM", "id": "169675" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2003-0131", "trust": 2.8 }, { "db": "BID", "id": "7148", "trust": 2.7 }, { "db": "CERT/CC", "id": "VU#888801", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2003-000095", "trust": 0.8 }, { "db": "XF", "id": "11586", "trust": 0.6 }, { "db": "TRUSTIX", "id": "2003-0013", "trust": 0.6 }, { "db": "CALDERA", "id": "CSSA-2003-014.0", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-288", "trust": 0.6 }, { "db": "SGI", "id": "20030501-01-I", "trust": 0.6 }, { "db": "NETBSD", "id": "NETBSD-SA2003-007", "trust": 0.6 }, { "db": "OPENPKG", "id": "OPENPKG-SA-2003.026", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20030327 IMMUNIX SECURED OS 7+ OPENSSL UPDATE", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20030319 [OPENSSL ADVISORY] KLIMA-POKORNY-ROSA ATTACK ON PKCS #1 V1.5 PADDING", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20030324 GLSA: OPENSSL (200303-20)", "trust": 0.6 }, { "db": "MANDRAKE", "id": "MDKSA-2003:035", "trust": 0.6 }, { "db": "SUSE", "id": "SUSE-SA:2003:024", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:461", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:102", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:101", "trust": 0.6 }, { "db": "GENTOO", "id": "GLSA-200303-20", "trust": 0.6 }, { "db": "CONECTIVA", "id": "CLA-2003:625", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200303-076", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "169675", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#888801" }, { "db": "BID", "id": "7148" }, { "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "db": "PACKETSTORM", "id": "169675" }, { "db": "NVD", "id": "CVE-2003-0131" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "id": "VAR-200303-0118", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4615448 }, "last_update_date": "2023-12-18T12:40:39.190000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBUX0304-255", "trust": 0.8, "url": "http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255" }, { "title": "HPSBUX0304-255", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html" }, { "title": "secadv_20030319", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20030319.txt" }, { "title": "RHSA-2003:101", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2003-101.html" }, { "title": "4 Apache \u0026amp; SSL Security 2.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage" }, { "title": "XTR Apache \u0026amp; SSL Security 1.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage" }, { "title": "550 Apache \u0026amp; SSL Security 0.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage" }, { "title": "TLSA-2003-22", "trust": 0.8, "url": "http://www.turbolinux.com/security/2003/tlsa-2003-22.txt" }, { "title": "#62", "trust": 0.8, "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf" }, { "title": "RHSA-2003:101", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html" }, { "title": "TLSA-2003-22", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000095" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0131" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://eprint.iacr.org/2003/052/" }, { "trust": 2.5, "url": "http://www.openssl.org/news/secadv_20030319.txt" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/7148" }, { "trust": 1.6, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-007.txt.asc" }, { "trust": 1.6, "url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt" }, { "trust": 1.6, "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i" }, { "trust": 1.6, "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625" }, { "trust": 1.6, "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2003/dsa-288" }, { "trust": 1.6, "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml" }, { "trust": 1.6, "url": "http://www.kb.cert.org/vuls/id/888801" }, { "trust": 1.6, "url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdksa-2003:035" }, { "trust": 1.6, "url": "http://www.openpkg.org/security/openpkg-sa-2003.026-openssl.html" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2003-101.html" }, { "trust": 1.6, "url": "http://www.redhat.com/support/errata/rhsa-2003-102.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=104811162730834\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=104852637112330\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=104878215721135\u0026w=2" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586" }, { "trust": 1.0, "url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a461" }, { "trust": 0.8, "url": "http://www.i.cz/en/onas/tisk7.html" }, { "trust": 0.8, "url": "http://www.i.cz/en/onas/tisk8.html" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc2246.txt" }, { "trust": 0.8, "url": "http://link.springer.de/link/service/series/0558/papers/1462/14620001.pdf" }, { "trust": 0.8, "url": "http://www.rsasecurity.com/rsalabs/pkcs1/qa.html" }, { "trust": 0.8, "url": "ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf" }, { "trust": 0.8, "url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc" }, { "trust": 0.8, "url": "ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc" }, { "trust": 0.8, "url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc2408.txt" }, { "trust": 0.8, "url": "http://www.ietf.org/rfc/rfc2409.txt" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0131" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0131" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104811162730834\u0026w=2" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/11586" }, { "trust": 0.6, "url": "http://www.novell.com/linux/security/advisories/2003_024_openssl.html" }, { "trust": 0.6, "url": "http://www.suse.de/de/security/2003_024_openssl.html" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104878215721135\u0026w=2" }, { "trust": 0.6, "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=104852637112330\u0026w=2" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:461" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://metalink.oracle.com" }, { "trust": 0.3, "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf" }, { "trust": 0.3, "url": "/archive/1/315632" }, { "trust": 0.3, "url": "/archive/1/315884" }, { "trust": 0.1, "url": "https://eprint.iacr.org/2003/052/)" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0131" } ], "sources": [ { "db": "CERT/CC", "id": "VU#888801" }, { "db": "BID", "id": "7148" }, { "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "db": "PACKETSTORM", "id": "169675" }, { "db": "NVD", "id": "CVE-2003-0131" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#888801" }, { "db": "BID", "id": "7148" }, { "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "db": "PACKETSTORM", "id": "169675" }, { "db": "NVD", "id": "CVE-2003-0131" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-04-23T00:00:00", "db": "CERT/CC", "id": "VU#888801" }, { "date": "2003-03-19T00:00:00", "db": "BID", "id": "7148" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "date": "2003-03-19T12:12:12", "db": "PACKETSTORM", "id": "169675" }, { "date": "2003-03-24T05:00:00", "db": "NVD", "id": "CVE-2003-0131" }, { "date": "2003-03-24T00:00:00", "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-08-25T00:00:00", "db": "CERT/CC", "id": "VU#888801" }, { "date": "2009-07-11T21:06:00", "db": "BID", "id": "7148" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000095" }, { "date": "2018-10-19T15:29:23.713000", "db": "NVD", "id": "CVE-2003-0131" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200303-076" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-076" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension", "sources": [ { "db": "CERT/CC", "id": "VU#888801" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "7148" }, { "db": "CNNVD", "id": "CNNVD-200303-076" } ], "trust": 0.9 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.