Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-4108
HistoryJan 05, 2012 - 12:00 a.m.

CVE-2011-4108

2012-01-0500:00:00
ubuntu.com
ubuntu.com
14

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.1%

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
performs a MAC check only if certain padding is valid, which makes it
easier for remote attackers to recover plaintext via a padding oracle
attack.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenssl< 0.9.8g-4ubuntu3.15UNKNOWN
ubuntu10.04noarchopenssl< 0.9.8k-7ubuntu8.8UNKNOWN
ubuntu10.10noarchopenssl< 0.9.8o-1ubuntu4.6UNKNOWN
ubuntu11.04noarchopenssl< 0.9.8o-5ubuntu1.2UNKNOWN
ubuntu11.10noarchopenssl< 1.0.0e-2ubuntu4.2UNKNOWN
ubuntu11.10noarchopenssl098< 0.9.8o-7ubuntu1.2UNKNOWN

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.1%