Lucene search

[email protected]NVD:CVE-2010-4252

HistoryDec 06, 2010 - 9:05 p.m.

CVE-2010-4252

2010-12-0621:05:49

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.1

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.

Affected configurations

Nvd

Node

opensslopensslRange≤1.0.0b

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

References

cvs.openssl.org/chngview?cn=20098

marc.info/?l=bugtraq&m=129916880600544&w=2

marc.info/?l=bugtraq&m=130497251507577&w=2

openssl.org/news/secadv_20101202.txt

seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf

secunia.com/advisories/42469

secunia.com/advisories/57353

securitytracker.com/id?1024823

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.securityfocus.com/bid/45163

www.vupen.com/english/advisories/2010/3120

www.vupen.com/english/advisories/2010/3122

bugzilla.redhat.com/show_bug.cgi?id=659297

github.com/seb-m/jpake

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.1

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

Related for NVD:CVE-2010-4252

ubuntucve2 cvelist2 cve2 debiancve2 openvas11 openssl1 f52 nessus7 prion2 nvd1 slackware1 attackerkb1 securityvulns1 gentoo1 ibm6 vmware2 lenovo2