Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2004-2682
HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2682

2004-12-3105:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
20
peersec
matrixssl
rsa blinding
timing differences
karatsuba
cve-2004-2682

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

32.4%

JSON

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server’s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (“Karatsuba” and normal), a related issue to CVE-2003-0147.

Related

cvelist 2
cve 1
openssl 1
ubuntucve 1
securityvulns 1
debiancve 1
f5 2
redhat 1
nessus 4
openvas 6
debian 2
osv 1
cert 2
oraclelinux 3
cvelist
cvelist
CVE-2004-2682
2022-10-03 16:14:14
CVE-2003-0147
2003-03-18 05:00:00
cve
cve
CVE-2003-0147
2003-03-31 05:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2003-0147
2003-03-14 00:00:00
ubuntucve
ubuntucve
CVE-2003-0147
2003-03-31 00:00:00
securityvulns
securityvulns
[ADVISORY] Timing Attack on OpenSSL
2003-03-18 00:00:00
debiancve
debiancve
CVE-2003-0147
2003-03-31 05:00:00
f5
f5
K2355 : Timing attacks on RSA private keys - CAN-2003-0147
2013-03-29 00:00:00
SOL2355 - Timing attacks on RSA private keys - CAN-2003-0147
2007-05-16 00:00:00
redhat
redhat
(RHSA-2003:102) openssl security update
2003-03-31 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)
2004-07-31 00:00:00
Debian DSA-288-1 : openssl - several vulnerabilities
2004-09-29 00:00:00
RHEL 2.1 : openssl (RHSA-2003:102)
2004-07-06 00:00:00
openvas
openvas
HP-UX Update for ApacheStrong HPSBUX00255
2009-05-05 00:00:00
Debian Security Advisory DSA 288-1 (openssl)
2008-01-17 00:00:00
OpenSSL: Multiple Vulnerabilities (CVE-2003-0131, CVE-2003-0147) - Linux
2021-08-13 00:00:00
debian
debian
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 00:00:00
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 06:44:58
osv
osv
openssl - several vulnerabilities
2003-04-17 00:00:00
cert
cert
Cryptographic libraries and applications do not adequately defend against timing attacks
2003-03-25 00:00:00
Samba contains buffer overflow in SMB/CIFS packet fragment reassembly code
2003-03-17 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

32.4%

JSON
Related for CVE-2004-2682
cvelist2cve1openssl1ubuntucve1securityvulns1debiancve1f52redhat1nessus4openvas6debian2osv1cert2oraclelinux3