Lucene search

[email protected]NVD:CVE-2011-4576

HistoryJan 06, 2012 - 1:55 a.m.

CVE-2011-4576

2012-01-0601:55:00

CWE-310

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Affected configurations

NVD

Node

opensslopensslRange≤0.9.8r

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6hbogus

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch0.9.8q

Node

opensslopensslRange≤1.0.0e

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0beta1

opensslopensslMatch1.0.0beta2

opensslopensslMatch1.0.0beta3

opensslopensslMatch1.0.0beta4

opensslopensslMatch1.0.0beta5

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

marc.info/?l=bugtraq&m=132750648501816&w=2

marc.info/?l=bugtraq&m=133951357207000&w=2

marc.info/?l=bugtraq&m=134039053214295&w=2

rhn.redhat.com/errata/RHSA-2012-1306.html

rhn.redhat.com/errata/RHSA-2012-1307.html

rhn.redhat.com/errata/RHSA-2012-1308.html

secunia.com/advisories/48528

secunia.com/advisories/55069

secunia.com/advisories/57353

support.apple.com/kb/HT5784

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.debian.org/security/2012/dsa-2390

www.kb.cert.org/vuls/id/737740

www.mandriva.com/security/advisories?name=MDVSA-2012:006

www.mandriva.com/security/advisories?name=MDVSA-2012:007

www.openssl.org/news/secadv_20120104.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for NVD:CVE-2011-4576