Description
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System Unspecified Vulnerability (8.0.7)
WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3007)
MediaWiki CVE-2017-0371 Vulnerability (CVE-2017-0371)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)