Lucene search

K
freebsdFreeBSD69BFC852-9BD0-11E2-A7BE-8C705AF55518
HistoryApr 02, 2013 - 12:00 a.m.

FreeBSD -- OpenSSL multiple vulnerabilities

2013-04-0200:00:00
vuxml.freebsd.org
30
openssl
ocsp
verification
denial of service
cbc
ciphersuites
plaintext
timing attack
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.008

Percentile

82.5%

A flaw in the OpenSSL handling of OCSP response
verification could be exploited to cause a denial of
service attack.
OpenSSL has a weakness in the handling of CBC
ciphersuites in SSL, TLS and DTLS. The weakness could reveal
plaintext in a timing attack.

Affected configurations

Vulners
Node
freebsdfreebsdRange8.38.3_7
VendorProductVersionCPE
freebsdfreebsd*cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.008

Percentile

82.5%