Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2021/02/17 12:0 a.m.19 views

OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Linux

OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

4.3CVSS5.7AI score0.02961EPSS
Exploits0References1
OSV
OSV
added 2021/02/16 5:15 p.m.4 views

ALPINE-CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

3.7CVSS6.6AI score0.02961EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/02/16 5:15 p.m.29 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3CVSS6.7AI score0.02961EPSS
Exploits0References4
Amazon
Amazon
added 2020/02/17 12:0 a.m.43 views

Low: openssl

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...

4.3CVSS6.8AI score0.03838EPSS
Exploits0
Rows per page
Query Builder