VDB
CVE-2001-0361
CVE-2001-0361
PUBLISHED
CVSS 4 MEDIUM
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
EPSS 1.31% · 80.2th percentile
Risk Scores
CVSS 2.0
4
EPSS Score
1.31%
80.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openbsd | openssh | 1.2.3, 2.1, 2.1.1 |
| ssh | ssh | 0 |
| n/a | n/a | n/a |
Timeline
- Sep 26, 2000 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 2344 vdb
- 2116 vdb
- DSA-027 vendor-advisory
- DSA-023 vendor-advisory
- ssh-session-key-recovery(6082) vdb
- L-047 third-party-advisory
- DSA-086 vendor-advisory
- FreeBSD-SA-01:24 vendor-advisory
- 20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability mailing-list
- SuSE-SA:2001:04 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2001-0361 advisory