Description

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Remediation

References

CVE-2012-0884

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39111)

Python CVE-2022-42919 Vulnerability (CVE-2022-42919)

PHP Improper Input Validation Vulnerability (CVE-2014-3480)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410)

WordPress Plugin ELEX WooCommerce Google Shopping (Google Product Feed) Cross-Site Scripting (1.2.3)

Severity

Medium

Classification

CVE-2012-0884

Tags

Missing Update Known Vulnerabilities