Search for vulnerabilities
| Vulnerability ID | VCID-pfz4-4vs5-kqc9 |
| Aliases |
CVE-2017-1000385
|
| Summary | |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 5.9 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3 | 6.5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000385.json |
| epss | 0.72934 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.72934 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| epss | 0.83282 | https://api.first.org/data/v1/epss?cve=CVE-2017-1000385 |
| cvssv2 | 6.1 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| cvssv3 | 6.5 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| Data source | Metasploit |
|---|---|
| Description | Some TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when the TLS server does not strictly check message formatting and needs less than a million requests on average to decode a given ciphertext. A weak oracle server strictly checks message formatting and often requires many more requests to perform the attack. This module requires Python 3 with the gmpy2 and cryptography packages to be present. |
| Note | AKA: - ROBOT - Adaptive chosen-ciphertext attack |
| Ransomware campaign use | Unknown |
| Source publication date | June 17, 2009 |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.98731 |
| EPSS Score | 0.72934 |
| Published At | Aug. 3, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:35:56.734439+00:00 | Ubuntu USN Importer | Import | https://usn.ubuntu.com/3571-1/ | 37.0.0 |