[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

111017

 
 

909

 
 

86402

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2011-4576Date: (C)2012-01-05   (M)2018-06-20


The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 5.0
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: NONE
Confidentiality: Availability: NONE
Integrity:  
Availability:  
  
Reference:
SECUNIA-48528
SECUNIA-55069
APPLE-SA-2013-06-04-1
DSA-2390
FEDORA-2012-18035
HPSBMU02786
HPSBOV02793
HPSBUX02734
IAVM:2012-A-0148
IAVM:2012-A-0153
IAVM:2013-A-0027
IAVM:2013-A-0113
MDVSA-2012:006
MDVSA-2012:007
RHSA-2012:1306
RHSA-2012:1307
RHSA-2012:1308
SSRT100729
SSRT100852
SSRT100877
SSRT100891
SUSE-SU-2012:0084
VU#737740
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://support.apple.com/kb/HT5784
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.openssl.org/news/secadv_20120104.txt
openSUSE-SU-2012:0083

CPE    63
cpe:/a:openssl:openssl:0.9.1c
cpe:/a:openssl:openssl:0.9.5a
cpe:/a:openssl:openssl:0.9.6e
cpe:/a:openssl:openssl:0.9.6f
...
CWE    1
CWE-310
OVAL    18
oval:org.secpod.oval:def:14147
oval:org.secpod.oval:def:700763
oval:org.secpod.oval:def:600700
oval:org.secpod.oval:def:103412
...

© SecPod Technologies