Lucene search

[email protected]NVD:CVE-2012-0884

HistoryMar 13, 2012 - 3:12 a.m.

CVE-2012-0884

2012-03-1303:12:26

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.009

Percentile

82.5%

JSON

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Affected configurations

Nvd

Node

opensslopensslRange≤0.9.8t

opensslopensslMatch0.9.0b

opensslopensslMatch0.9.1b

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.7m

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

opensslopensslMatch0.9.8k

opensslopensslMatch0.9.8l

opensslopensslMatch0.9.8m

opensslopensslMatch0.9.8n

opensslopensslMatch0.9.8o

opensslopensslMatch0.9.8p

opensslopensslMatch0.9.8q

opensslopensslMatch0.9.8r

opensslopensslMatch0.9.8s

opensslopensslMatch1.0.0

opensslopensslMatch1.0.0a

opensslopensslMatch1.0.0b

opensslopensslMatch1.0.0c

opensslopensslMatch1.0.0d

opensslopensslMatch1.0.0e

opensslopensslMatch1.0.0f

opensslopensslMatch1.0.0g

References

lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html

lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

marc.info/?l=bugtraq&m=133728068926468&w=2

marc.info/?l=bugtraq&m=133951357207000&w=2

marc.info/?l=bugtraq&m=134039053214295&w=2

rhn.redhat.com/errata/RHSA-2012-0426.html

rhn.redhat.com/errata/RHSA-2012-0488.html

rhn.redhat.com/errata/RHSA-2012-0531.html

rhn.redhat.com/errata/RHSA-2012-1306.html

rhn.redhat.com/errata/RHSA-2012-1307.html

rhn.redhat.com/errata/RHSA-2012-1308.html

secunia.com/advisories/48580

secunia.com/advisories/48895

secunia.com/advisories/48916

secunia.com/advisories/57353

www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

www.debian.org/security/2012/dsa-2454

www.kb.cert.org/vuls/id/737740

www.openssl.org/news/secadv_20120312.txt

downloads.avaya.com/css/P8/documents/100162507

hermes.opensuse.org/messages/14330767

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.009

Percentile

82.5%

JSON

CVE-2012-0884

Affected configurations

References

Related