CVE-2003-0131
openssl - several vulnerabilities
EPSS 17.9%
Description
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
How to fix CVE-2003-0131
To remediate CVE-2003-0131, upgrade the affected package to one of the fixed versions listed below.
- Debian/openssl—upgrade to 0.9.7b-1 or later
- —upgrade to 0.9.6c-2.woody.3 or later
Is CVE-2003-0131 being exploited?
Moderate: EPSS is 17.9%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.9.7b-1
- from 0, < 0.9.6c-2.woody.3