Lucene search
HistoryAug 31, 2009 - 10:30 a.m.
CVE-2008-7128
cve-2008-7128
xyssl
bleichenbacher attacks
chosen ciphertext
remote attackers
key recovery
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.9%
The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.
Affected configurations
Node
xysslxysslRange≤0.8
ORxysslxysslMatch0.1
ORxysslxysslMatch0.2
ORxysslxysslMatch0.3
ORxysslxysslMatch0.4
ORxysslxysslMatch0.5
ORxysslxysslMatch0.6
ORxysslxysslMatch0.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| xyssl:xyssl | xyssl | le | 0.8 |
| xyssl:xyssl | xyssl | eq | 0.1 |
| xyssl:xyssl | xyssl | eq | 0.2 |
| xyssl:xyssl | xyssl | eq | 0.3 |
| xyssl:xyssl | xyssl | eq | 0.4 |
| xyssl:xyssl | xyssl | eq | 0.5 |
| xyssl:xyssl | xyssl | eq | 0.6 |
| xyssl:xyssl | xyssl | eq | 0.7 |
Related
cvelist
cvelist
CVE-2008-7128
2009-08-31 10:00:00
ubuntucve
ubuntucve
CVE-2008-7128
2009-08-31 00:00:00
prion
prion
Code injection
2009-08-31 10:30:00
nvd
nvd
CVE-2008-7128
2009-08-31 10:30:01
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
76.9%
Related for CVE-2008-7128