Lucene search

[email protected]NVD:CVE-2011-4108

HistoryJan 06, 2012 - 1:55 a.m.

CVE-2011-4108

2012-01-0601:55:00

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8r

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6hbogus

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch0.9.8q

Node

opensslopensslRange≤1.0.0e

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

marc.info/?l=bugtraq&m=132750648501816&w=2

marc.info/?l=bugtraq&m=133951357207000&w=2

marc.info/?l=bugtraq&m=134039053214295&w=2

rhn.redhat.com/errata/RHSA-2012-1306.html

rhn.redhat.com/errata/RHSA-2012-1307.html

rhn.redhat.com/errata/RHSA-2012-1308.html

secunia.com/advisories/48528

secunia.com/advisories/57260

secunia.com/advisories/57353

support.apple.com/kb/HT5784

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.debian.org/security/2012/dsa-2390

www.isg.rhul.ac.uk/~kp/dtls.pdf

www.kb.cert.org/vuls/id/737740

www.mandriva.com/security/advisories?name=MDVSA-2012:006

www.mandriva.com/security/advisories?name=MDVSA-2012:007

www.openssl.org/news/secadv_20120104.txt

security.paloaltonetworks.com/CVE-2011-4108

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for NVD:CVE-2011-4108