Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2003-0131
HistoryMar 24, 2003 - 5:00 a.m.

CVE-2003-0131

2003-03-2405:00:00
[email protected]
web.nvd.nist.gov
27
openssl
ssl
tls
cve-2003-0131
unauthorized access
rsa
bleichenbacher attack
klima-pokorny-rosa attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.074 Low

EPSS

Percentile

94.1%

JSON

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the “Klima-Pokorny-Rosa attack.”

Affected configurations

NVD
Node
opensslopensslMatch0.9.6
OR
opensslopensslMatch0.9.6a
OR
opensslopensslMatch0.9.6b
OR
opensslopensslMatch0.9.6c
OR
opensslopensslMatch0.9.6d
OR
opensslopensslMatch0.9.6e
OR
opensslopensslMatch0.9.6g
OR
opensslopensslMatch0.9.6h
OR
opensslopensslMatch0.9.6i
OR
opensslopensslMatch0.9.7
OR
opensslopensslMatch0.9.7a

References

Related

f5 2
cert 1
suse 1
openssl 1
cvelist 1
nvd 1
ubuntucve 1
securityvulns 1
debiancve 1
osv 1
debian 2
openvas 6
nessus 6
redhat 1
oraclelinux 3
f5
f5
SOL2379 - Klima-Pokorny-Rosa attack on RSA vulnerability CAN-2003-0131
2007-05-16 00:00:00
Klima-Pokorny-Rosa attack on RSA vulnerability CAN-2003-0131
2007-05-17 04:00:00
cert
cert
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
2003-04-23 00:00:00
suse
suse
remote private-key retrieval in openssl
2003-04-04 12:36:38
openssl
openssl
Vulnerability in OpenSSL CVE-2003-0131
2003-03-19 00:00:00
cvelist
cvelist
CVE-2003-0131
2003-03-21 05:00:00
nvd
nvd
CVE-2003-0131
2003-03-24 05:00:00
ubuntucve
ubuntucve
CVE-2003-0131
2003-03-24 00:00:00
securityvulns
securityvulns
[OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
2003-03-20 00:00:00
debiancve
debiancve
CVE-2003-0131
2003-03-24 05:00:00
osv
osv
openssl - several vulnerabilities
2003-04-17 00:00:00
debian
debian
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 06:44:58
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 06:44:58
openvas
openvas
HP-UX Update for ApacheStrong HPSBUX00255
2009-05-05 00:00:00
OpenSSL: Multiple Vulnerabilities (CVE-2003-0131, CVE-2003-0147) - Windows
2021-08-13 00:00:00
Debian Security Advisory DSA 288-1 (openssl)
2008-01-17 00:00:00
nessus
nessus
OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities
2024-06-07 00:00:00
OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities
2024-06-07 00:00:00
RHEL 2.1 : openssl (RHSA-2003:102)
2004-07-06 00:00:00
redhat
redhat
(RHSA-2003:102) openssl security update
2003-03-31 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.074 Low

EPSS

Percentile

94.1%

JSON
Related for CVE-2003-0131
f52cert1suse1openssl1cvelist1nvd1ubuntucve1securityvulns1debiancve1osv1debian2openvas6nessus6redhat1oraclelinux3