Description
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.17.3)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.5)
WordPress Plugin TablePress XML External Entity Injection (1.8)
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5506)
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0256)