Lucene search
+L

466 matches found

RedHat Linux
RedHat Linux
added 2012/09/24 3:53 p.m.4 views

openssl: CMS and PKCS#7 Bleichenbacher attack

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack MMA adaptive chosen ciphertext...

5CVSS7.2AI score0.12932EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.39 views

CentOS Update for openssl CESA-2012:0426 centos6

Check for the Version of openssl OpenVAS Vulnerability Test CentOS Update for openssl CESA-2012:0426 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

5CVSS8.1AI score0.16645EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.25 views

CentOS Update for openssl CESA-2012:0426 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS8.2AI score0.16645EPSS
Exploits0References2
Amazon
Amazon
added 2012/04/05 12:0 a.m.50 views

Medium: openssl

Issue Overview: A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions S/MIME messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. CVE-2012-1165 A flaw was found in the...

5CVSS8.8AI score0.12932EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2012/03/29 12:0 a.m.35 views

RedHat Update for openssl RHSA-2012:0426-01

Check for the Version of openssl OpenVAS Vulnerability Test RedHat Update for openssl RHSA-2012:0426-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5CVSS0.16645EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/03/29 12:0 a.m.30 views

RedHat Update for openssl RHSA-2012:0426-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS8.8AI score0.16645EPSS
Exploits0References2
Cent OS
Cent OS
added 2012/03/28 12:47 a.m.83 views

openssl security update

CentOS Errata and Security Advisory CESA-2012:0426 Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...

5CVSS7AI score0.12932EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2012/03/27 10:52 p.m.6 views

openssl: CMS and PKCS#7 Bleichenbacher attack

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack MMA adaptive chosen ciphertext...

5CVSS7.2AI score0.12932EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2012/03/16 12:0 a.m.48 views

FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8)

The OpenSSL Team reports : A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...

5CVSS8AI score0.12932EPSS
Exploits0References3
OpenSSL
OpenSSL
added 2012/03/12 12:0 a.m.50 views

Vulnerability in OpenSSL - CMS and S/MIME Bleichenbacher attack

A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher’s attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected, SSL/TLS applications are not affected by this issue. Found...

7.6AI score0.12932EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2012/03/12 12:0 a.m.46 views

OpenSSL -- CMS and S/MIME Bleichenbacher attack

The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...

5CVSS8.1AI score0.12932EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.47 views

SSH PKCS #1 Version 1.5 Session Key Retrieval Vulnerability

Implementations of SSH version 1.5 are prone to a session key retrieval vulnerability. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4CVSS7.5AI score0.02501EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/25 12:0 a.m.14 views

SUSE-SA:2003:024: openssl

The remote host is missing the patch for the advisory SUSE-SA:2003:024 openssl. Researchers from the University of Stanford have discovered certain weaknesses in OpenSSL's RSA decryption algorithm. It allows remote attackers to compute the private RSA key of a server by observing its timing...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.52 views

RHEL 2.1 : openssl (RHSA-2003:102)

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. Updated 30 May 2003 Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport...

7.5CVSS8AI score0.06393EPSS
Exploits0References7
CERT
CERT
added 2003/04/23 12:0 a.m.49 views

SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension

Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS 1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...

7.5CVSS8AI score0.0628EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2003/04/01 3:50 p.m.8 views

Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

7.5CVSS7.3AI score0.06393EPSS
Exploits0References3
NVD
NVD
added 2003/03/24 5:0 a.m.17 views

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

7.5CVSS6.2AI score0.0628EPSS
Exploits0References23
OSV
OSV
added 2003/03/24 5:0 a.m.7 views

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

6.1AI score
Exploits0References25
Debian CVE
Debian CVE
added 2003/03/21 5:0 a.m.50 views

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

7.5CVSS8.6AI score0.0628EPSS
Exploits0
CVE
CVE
added 2003/03/21 5:0 a.m.76 views

CVE-2003-0131

CVE-2003-0131 (and related CVE-2003-0147) affect OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a. The issue enables remote attackers to perform an unauthorized RSA private key operation via a Klima-Pokorny-Rosa–style Bleichenbacher attack using many SSL/TLS connections with PKCS#1 v1.5 padding, lea...

7.5CVSS9AI score0.0628EPSS
Exploits0References23Affected Software1
Rows per page
Query Builder