Description

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Remediation

References

CVE-2003-0131

Related Vulnerabilities

MySQL CVE-2012-3156 Vulnerability (CVE-2012-3156)

WordPress Plugin Disc Golf Manager PHP Object Injection (1.0.0)

Lighttpd Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4559)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)

WordPress Plugin WooCommerce Security Bypass (2.1.7)

Severity

High

Classification

CVE-2003-0131

Tags

Missing Update Known Vulnerabilities