High

CVE-2003-0131 - Unspecified vulnerability in Openssl

Publication: 2003-03-24
Summary

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Openssl Openssl 0.9.6e
  • Openssl Openssl 0.9.6
  • Openssl Openssl 0.9.6b
  • Openssl Openssl 0.9.6c
  • Openssl Openssl 0.9.6d
  • Openssl Openssl 0.9.6a
  • Openssl Openssl 0.9.6g
  • Openssl Openssl 0.9.6h
  • Openssl Openssl 0.9.6i
  • Openssl Openssl 0.9.7
  • Openssl Openssl 0.9.7a