Lucene search

[email protected]NVD:CVE-2003-0147

HistoryMar 31, 2003 - 5:00 a.m.

CVE-2003-0147

2003-03-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.009

Percentile

82.5%

JSON

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server’s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (“Karatsuba” and normal).

Affected configurations

Nvd

Node

openpkgopenpkg

openpkgopenpkgMatch1.1

openpkgopenpkgMatch1.2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7a

stunnelstunnelMatch3.7

stunnelstunnelMatch3.8

stunnelstunnelMatch3.9

stunnelstunnelMatch3.10

stunnelstunnelMatch3.11

stunnelstunnelMatch3.12

stunnelstunnelMatch3.13

stunnelstunnelMatch3.14

stunnelstunnelMatch3.15

stunnelstunnelMatch3.16

stunnelstunnelMatch3.17

stunnelstunnelMatch3.18

stunnelstunnelMatch3.19

stunnelstunnelMatch3.20

stunnelstunnelMatch3.21

stunnelstunnelMatch3.22

stunnelstunnelMatch4.0

stunnelstunnelMatch4.01

stunnelstunnelMatch4.02

stunnelstunnelMatch4.03

stunnelstunnelMatch4.04

VendorProductVersionCPE
openpkgopenpkg*cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
openpkgopenpkg1.1cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
openpkgopenpkg1.2cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
opensslopenssl0.9.6cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
opensslopenssl0.9.6acpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
opensslopenssl0.9.6bcpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
opensslopenssl0.9.6ccpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
opensslopenssl0.9.6dcpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
opensslopenssl0.9.6ecpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
opensslopenssl0.9.6gcpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openpkg	openpkg	*	cpe:2.3:a:openpkg:openpkg::::::::
openpkg	openpkg	1.1	cpe:2.3:a:openpkg:openpkg:1.1:::::::*
openpkg	openpkg	1.2	cpe:2.3:a:openpkg:openpkg:1.2:::::::*
openssl	openssl	0.9.6	cpe:2.3:a:openssl:openssl:0.9.6:::::::*
openssl	openssl	0.9.6a	cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
openssl	openssl	0.9.6b	cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
openssl	openssl	0.9.6c	cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
openssl	openssl	0.9.6d	cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
openssl	openssl	0.9.6e	cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
openssl	openssl	0.9.6g	cpe:2.3:a:openssl:openssl:0.9.6g:::::::*