Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2003-0131
HistoryMar 24, 2003 - 5:00 a.m.

CVE-2003-0131

2003-03-2405:00:00
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the “Klima-Pokorny-Rosa attack.”

Affected configurations

NVD
Node
opensslopensslMatch0.9.6
OR
opensslopensslMatch0.9.6a
OR
opensslopensslMatch0.9.6b
OR
opensslopensslMatch0.9.6c
OR
opensslopensslMatch0.9.6d
OR
opensslopensslMatch0.9.6e
OR
opensslopensslMatch0.9.6g
OR
opensslopensslMatch0.9.6h
OR
opensslopensslMatch0.9.6i
OR
opensslopensslMatch0.9.7
OR
opensslopensslMatch0.9.7a

References

Related

ubuntucve 1
securityvulns 1
f5 2
cert 1
openssl 1
cvelist 1
suse 1
cve 1
debiancve 1
openvas 6
osv 1
debian 2
nessus 6
redhat 1
oraclelinux 3
ubuntucve
ubuntucve
CVE-2003-0131
2003-03-24 00:00:00
securityvulns
securityvulns
[OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
2003-03-20 00:00:00
f5
f5
SOL2379 - Klima-Pokorny-Rosa attack on RSA vulnerability CAN-2003-0131
2007-05-16 00:00:00
Klima-Pokorny-Rosa attack on RSA vulnerability CAN-2003-0131
2007-05-17 04:00:00
cert
cert
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
2003-04-23 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2003-0131
2003-03-19 00:00:00
cvelist
cvelist
CVE-2003-0131
2003-03-21 05:00:00
suse
suse
remote private-key retrieval in openssl
2003-04-04 12:36:38
cve
cve
CVE-2003-0131
2003-03-24 05:00:00
debiancve
debiancve
CVE-2003-0131
2003-03-24 05:00:00
openvas
openvas
Debian Security Advisory DSA 288-1 (openssl)
2008-01-17 00:00:00
OpenSSL: Multiple Vulnerabilities (CVE-2003-0131, CVE-2003-0147) - Linux
2021-08-13 00:00:00
HP-UX Update for ApacheStrong HPSBUX00255
2009-05-05 00:00:00
osv
osv
openssl - several vulnerabilities
2003-04-17 00:00:00
debian
debian
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 06:44:58
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
2003-04-17 06:44:58
nessus
nessus
OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities
2024-06-07 00:00:00
OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities
2024-06-07 00:00:00
RHEL 2.1 : openssl (RHSA-2003:102)
2004-07-06 00:00:00
redhat
redhat
(RHSA-2003:102) openssl security update
2003-03-31 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON
Related for NVD:CVE-2003-0131
ubuntucve1securityvulns1f52cert1openssl1cvelist1suse1cve1debiancve1openvas6osv1debian2nessus6redhat1oraclelinux3