Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Remediation
References
Related Vulnerabilities
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15734)
WordPress Plugin WP-Table Reloaded Cross-Site Scripting (1.9.3)
WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (8.9)
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Scripting (6.9.1)
WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)