The SSL and TLS components for OpenSSL 0.9.6i and previous versions, 0.9.7, and 0.9.7a allow remote malicious users to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl 0.9.6 |
||
openssl openssl 0.9.6h |
||
openssl openssl 0.9.6i |
||
openssl openssl 0.9.6a |
||
openssl openssl 0.9.6b |
||
openssl openssl 0.9.7 |
||
openssl openssl 0.9.7a |
||
openssl openssl 0.9.6e |
||
openssl openssl 0.9.6g |
||
openssl openssl 0.9.6c |
||
openssl openssl 0.9.6d |