National Cyber-Alert System
Vulnerability Summary: CVE-2003-0131
Orirignal release date: 2003-03-24
Source: US-CERT/NIST

Overview

    The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Impact

    CVSS Severity: 8 (High)
    Range: remote
    Authentication: design
    Impact Type: int,sec_prot other="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    OpenSSL (OpenSSL Project)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0131