CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

  • Published: Mar 24, 2003
  • Updated: Apr 13, 2023
  • CVE: CVE-2003-0131
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

| Software | From | Fixed in |
|---|---|---|
| openssl / openssl | 0.9.6i | 0.9.6i.x |
| openssl / openssl | 0.9.6d | 0.9.6d.x |
| openssl / openssl | 0.9.6 | 0.9.6.x |
| openssl / openssl | 0.9.6a | 0.9.6a.x |
| openssl / openssl | 0.9.6e | 0.9.6e.x |
| openssl / openssl | 0.9.7 | 0.9.7.x |
| openssl / openssl | 0.9.6b | 0.9.6b.x |
| openssl / openssl | 0.9.6g | 0.9.6g.x |
| openssl / openssl | 0.9.6h | 0.9.6h.x |
| openssl / openssl | 0.9.7a | 0.9.7a.x |
| openssl / openssl | 0.9.6c | 0.9.6c.x |