Vulnerability details: VCID-w4ca-z9kb-aaae
Vulnerability ID VCID-w4ca-z9kb-aaae
Aliases CVE-2003-0078
VC-OPENSSL-20030219-CVE-2003-0078
Summary ssl3_get_record in s3_pkt.c did not perform a MAC computation if an incorrect block cipher padding was used, causing an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
epss 0.01954 https://api.first.org/data/v1/epss?cve=CVE-2003-0078
epss 0.02621 https://api.first.org/data/v1/epss?cve=CVE-2003-0078
epss 0.07401 https://api.first.org/data/v1/epss?cve=CVE-2003-0078
epss 0.07933 https://api.first.org/data/v1/epss?cve=CVE-2003-0078
epss 0.17446 https://api.first.org/data/v1/epss?cve=CVE-2003-0078
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1616956
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2003-0078
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
http://marc.info/?l=bugtraq&m=104567627211904&w=2
http://marc.info/?l=bugtraq&m=104568426824439&w=2
http://marc.info/?l=bugtraq&m=104577183206905&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0078.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078
https://www.openssl.org/news/secadv/20030219.txt
http://www.ciac.org/ciac/bulletins/n-051.shtml
http://www.debian.org/security/2003/dsa-253
http://www.iss.net/security_center/static/11369.php
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
http://www.openssl.org/news/secadv_20030219.txt
http://www.osvdb.org/3945
http://www.redhat.com/support/errata/RHSA-2003-062.html
http://www.redhat.com/support/errata/RHSA-2003-063.html
http://www.redhat.com/support/errata/RHSA-2003-082.html
http://www.redhat.com/support/errata/RHSA-2003-104.html
http://www.redhat.com/support/errata/RHSA-2003-205.html
http://www.securityfocus.com/bid/6884
http://www.trustix.org/errata/2003/0005
1616956 https://bugzilla.redhat.com/show_bug.cgi?id=1616956
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
CVE-2003-0078 https://nvd.nist.gov/vuln/detail/CVE-2003-0078
CVE-2003-0078;OSVDB-3945 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/22264.txt
CVE-2003-0078;OSVDB-3945 Exploit https://www.securityfocus.com/bid/6884/info
RHSA-2003:062 https://access.redhat.com/errata/RHSA-2003:062
RHSA-2003:063 https://access.redhat.com/errata/RHSA-2003:063
RHSA-2003:082 https://access.redhat.com/errata/RHSA-2003:082
RHSA-2003:104 https://access.redhat.com/errata/RHSA-2003:104
RHSA-2003:205 https://access.redhat.com/errata/RHSA-2003:205
Data source Exploit-DB
Date added Feb. 19, 2003
Description OpenSSL 0.9.x - CBC Error Information Leakage
Ransomware campaign use Known
Source publication date Feb. 19, 2003
Exploit type remote
Platform linux
Source update date Oct. 28, 2012
Source URL https://www.securityfocus.com/bid/6884/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0078
Exploit Prediction Scoring System (EPSS)
Percentile 0.88399
EPSS Score 0.01954
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.