Search for vulnerabilities
Vulnerability details: VCID-fq9y-x2ae-aaac
Vulnerability ID VCID-fq9y-x2ae-aaac
Aliases CVE-2003-0147
VC-OPENSSL-20030314-CVE-2003-0147
Summary RSA blinding was not enabled by default, which could allow local and remote attackers to obtain a server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.02910 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.02910 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.02910 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.02910 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.21537 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.22856 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.243 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
epss 0.32541 https://api.first.org/data/v1/epss?cve=CVE-2003-0147
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1616986
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2003-0147
Reference id Reference type URL
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://marc.info/?l=bugtraq&m=104766550528628&w=2
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0147.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0147
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
https://www.openssl.org/news/secadv/20030317.txt
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://www.kb.cert.org/vuls/id/997481
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
http://www.openssl.org/news/secadv_20030317.txt
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
1616986 https://bugzilla.redhat.com/show_bug.cgi?id=1616986
cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
CVE-2003-0147 https://nvd.nist.gov/vuln/detail/CVE-2003-0147
RHSA-2003:101 https://access.redhat.com/errata/RHSA-2003:101
RHSA-2003:102 https://access.redhat.com/errata/RHSA-2003:102
RHSA-2003:116 https://access.redhat.com/errata/RHSA-2003:116
RHSA-2003:117 https://access.redhat.com/errata/RHSA-2003:117
RHSA-2003:205 https://access.redhat.com/errata/RHSA-2003:205
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0147
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.82769
EPSS Score 0.00863
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.