New Search

Klima-Pokorny-Rosa Attack Vulnerability

oval:org.mitre.oval:def:461

The SSL and TLS components for OpenSSL 0.9.6i and earlier 0.9.7 and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext aka the "Klima-Pokorny-Rosa attack."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Linux 9
Class:
vulnerability
Reference(s):
  • CVE-2003-0131
Product(s):
  • OpenSSL