CVE-2003-0131
PUBLISHED
CVSS 7.5 HIGH
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
EPSS 17.94% · 95.3th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 17.94% (95.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openssl | openssl | 0.9.6a, 0.9.6b, 0.9.6d |
Exploit Intelligence
- OpenPKG-SA-2003.026 (circl)
- CLA-2003:625 (circl)
- RHSA-2003:101 (circl)
- RHSA-2003:102 (circl)
- 2003-0013 (circl)
- http://eprint.iacr.org/2003/052/ (circl)
- oval:org.mitre.oval:def:461 (circl)
- GLSA-200303-20 (circl)
- SuSE-SA:2003:024 (circl)
- CSSA-2003-014.0 (circl)
…and 16 more exploits
Timeline
- Mar 19, 2003 CVE Published
- Mar 19, 2003 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- DSA-288 vendor-advisory
- RHSA-2003:101 vendor-advisory
- RHSA-2003:102 vendor-advisory
- 2003-0013 vendor-advisory
- http://eprint.iacr.org/2003/052/ url
- oval:org.mitre.oval:def:461 vdb
- GLSA-200303-20 vendor-advisory
- SuSE-SA:2003:024 vendor-advisory
- CSSA-2003-014.0 vendor-advisory
- 7148 vdb
- http://lists.apple.com/mhonarc/security-announce/msg00028.html url
- OpenPKG-SA-2003.026 vendor-advisory
- http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html url
- IMNX-2003-7+-001-01 vendor-advisory
- http://www.openssl.org/news/secadv_20030319.txt url
- NetBSD-SA2003-007 vendor-advisory
- MDKSA-2003:035 vendor-advisory
- 20030324 GLSA: openssl (200303-20) mailing-list
- ssl-premaster-information-leak(11586) vdb
- 20030501-01-I vendor-advisory
…and 5 more