CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the Klima-Pokorny-Rosa attack.

Affected Software

Name	Vendor	Start Version	End Version
Openssl	Openssl	0.9.6 (including)	0.9.6 (including)
Openssl	Openssl	0.9.6a (including)	0.9.6a (including)
Openssl	Openssl	0.9.6b (including)	0.9.6b (including)
Openssl	Openssl	0.9.6c (including)	0.9.6c (including)
Openssl	Openssl	0.9.6d (including)	0.9.6d (including)
Openssl	Openssl	0.9.6e (including)	0.9.6e (including)
Openssl	Openssl	0.9.6g (including)	0.9.6g (including)
Openssl	Openssl	0.9.6h (including)	0.9.6h (including)
Openssl	Openssl	0.9.6i (including)	0.9.6i (including)
Openssl	Openssl	0.9.7 (including)	0.9.7 (including)
Openssl	Openssl	0.9.7a (including)	0.9.7a (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Linux 8.0	RedHat		*
Red Hat Linux 9	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Red Hat Stronghold 3	RedHat		*
Red Hat Stronghold 4	RedHat		*
Openssl	Ubuntu	dapper	*
Openssl	Ubuntu	devel	*
Openssl	Ubuntu	edgy	*
Openssl	Ubuntu	feisty	*
Openssl097	Ubuntu	dapper	*
Openssl097	Ubuntu	devel	*
Openssl097	Ubuntu	edgy	*
Openssl097	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0131
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References