Vulnerability details: VCID-dfg7-5zwk-aaan
Vulnerability ID VCID-dfg7-5zwk-aaan
Aliases CVE-2003-0131
VC-OPENSSL-20030319-CVE-2003-0131
Summary The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack"
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.05378 https://api.first.org/data/v1/epss?cve=CVE-2003-0131
epss 0.23158 https://api.first.org/data/v1/epss?cve=CVE-2003-0131
epss 0.23461 https://api.first.org/data/v1/epss?cve=CVE-2003-0131
epss 0.31466 https://api.first.org/data/v1/epss?cve=CVE-2003-0131
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1616975
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2003-0131
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://eprint.iacr.org/2003/052/
http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://marc.info/?l=bugtraq&m=104811162730834&w=2
http://marc.info/?l=bugtraq&m=104852637112330&w=2
http://marc.info/?l=bugtraq&m=104878215721135&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0131.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0131
https://exchange.xforce.ibmcloud.com/vulnerabilities/11586
https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461
https://www.openssl.org/news/secadv/20030319.txt
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml
http://www.kb.cert.org/vuls/id/888801
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html
http://www.mandriva.com/security/advisories?name=MDKSA-2003:035
http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html
http://www.openssl.org/news/secadv_20030319.txt
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
http://www.securityfocus.com/bid/7148
1616975 https://bugzilla.redhat.com/show_bug.cgi?id=1616975
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
CVE-2003-0131 https://nvd.nist.gov/vuln/detail/CVE-2003-0131
RHSA-2003:101 https://access.redhat.com/errata/RHSA-2003:101
RHSA-2003:102 https://access.redhat.com/errata/RHSA-2003:102
RHSA-2003:116 https://access.redhat.com/errata/RHSA-2003:116
RHSA-2003:117 https://access.redhat.com/errata/RHSA-2003:117
RHSA-2003:205 https://access.redhat.com/errata/RHSA-2003:205
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0131
Access Vector (AV): network
Access Complexity (AC): low
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial
Exploitability (E): not part of this vector
Exploit Prediction Scoring System (EPSS)
Percentile 0.93329
EPSS Score 0.05378
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.