CVE-2003-0131

EPSS 17.9%

openssl - several vulnerabilities

Published: 3/24/2003Modified: 4/28/2026

Description

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Affected packages (2)

Debian/opensslfrom 0, < 0.9.7b-1
Debian/opensslfrom 0, < 0.9.6c-2.woody.3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2003-0131