ID

VAR-200303-0010


CVE

CVE-2003-0147


TITLE

OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 7101 // CNNVD: CNNVD-200303-116

DESCRIPTION

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation

Trust: 2.61

sources: NVD: CVE-2003-0147 // CERT/CC: VU#997481 // JVNDB: JVNDB-2003-000098 // BID: 7101

AFFECTED PRODUCTS

vendor:stunnelmodel:stunnelscope:eqversion:4.04

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.03

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.02

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.01

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.22

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.21

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.19

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.18

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.20

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.0

Trust: 1.6

vendor:stunnelmodel:stunnelscope:eqversion:3.17

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.16

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.15

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.14

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.13

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.12

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.11

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.9

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.8

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.7

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.10

Trust: 1.3

vendor:openpkgmodel:openpkgscope:eqversion:1.2

Trust: 1.3

vendor:openpkgmodel:openpkgscope:eqversion:1.1

Trust: 1.3

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:openpkgmodel:openpkgscope:eqversion:*

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:conectivamodel: - scope: - version: -

Trust: 0.8

vendor:covalentmodel: - scope: - version: -

Trust: 0.8

vendor:cryptomodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:foundrymodel: - scope: - version: -

Trust: 0.8

vendor:fresshmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:gnu libgcryptmodel: - scope: - version: -

Trust: 0.8

vendor:gnu tlsmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:guardian digitalmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:hitachimodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:intotomodel: - scope: - version: -

Trust: 0.8

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openpkgmodel: - scope: - version: -

Trust: 0.8

vendor:opensshmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:sgimodel: - scope: - version: -

Trust: 0.8

vendor:ssh securitymodel: - scope: - version: -

Trust: 0.8

vendor:slackwaremodel: - scope: - version: -

Trust: 0.8

vendor:sorceror linuxmodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:stunnelmodel: - scope: - version: -

Trust: 0.8

vendor:the sco groupmodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:vandykemodel: - scope: - version: -

Trust: 0.8

vendor:wirexmodel: - scope: - version: -

Trust: 0.8

vendor:cryptlibmodel: - scope: - version: -

Trust: 0.8

vendor:esoftmodel: - scope: - version: -

Trust: 0.8

vendor:mod sslmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:lteversion:2.0.44

Trust: 0.8

vendor:openbsdmodel:opensshscope:lteversion:3.5

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.6j

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.7b

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:1.0.2.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9.0.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:8.1.7.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.0.1.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.2

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.4

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq4scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq550scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raqxtrscope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:2.6 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:2.6 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:7.0 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:7.0 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:6.5

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.00

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.20

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.22

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:6.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.1

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:9

Trust: 0.8

vendor:vandykemodel:securecrtscope:eqversion:4.0.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:4.0.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:4.0.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:4.0.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.8

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.7

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.6

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.5

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.2.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.2.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.1.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.1.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.0

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:2.4

Trust: 0.3

vendor:sunmodel:cobalt raq xtrscope: - version: -

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:550

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:4

Trust: 0.3

vendor:sunmodel:cobalt qubescope:eqversion:3

Trust: 0.3

vendor:stunnelmodel:stunnelscope:eqversion:4.00

Trust: 0.3

vendor:sshmodel:communications security ipsec express toolkitscope: - version: -

Trust: 0.3

vendor:sshmodel:communications security certificate/tls toolkitscope: - version: -

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.19

Trust: 0.3

vendor:redhatmodel:mgetty-sendfax-1.1.14-8.i386.rpmscope:eqversion:2.2

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.0

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.3

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.2

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:oraclemodel:oracle9i application server .1sscope:eqversion:1.0.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:8.1.7

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:openpkgmodel:currentscope: - version: -

Trust: 0.3

vendor:mod sslmodel:mod sslscope:eqversion:2.8.14

Trust: 0.3

vendor:intotomodel:igatewayscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.22

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.11

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.0

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.5

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.4

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.3

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.2

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.1

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.0

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.12

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.11

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.10

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.9

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.8

Trust: 0.3

vendor:foundrymodel:networks ironviewscope: - version: -

Trust: 0.3

vendor:f5model:big-ip blade controller ptf-01scope:eqversion:4.2.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.4

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.2

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.5

Trust: 0.3

vendor:cryptomodel:crypto++ libraryscope:eqversion:5.0

Trust: 0.3

vendor:cryptomodel:crypto++ libraryscope:eqversion:4.2

Trust: 0.3

vendor:covalentmodel:fast start serverscope:eqversion:3.3

Trust: 0.3

vendor:covalentmodel:fast start serverscope:eqversion:3.2

Trust: 0.3

vendor:covalentmodel:fast start serverscope:eqversion:3.1

Trust: 0.3

vendor:covalentmodel:enterprise ready serverscope:eqversion:2.3

Trust: 0.3

vendor:covalentmodel:enterprise ready serverscope:eqversion:2.2

Trust: 0.3

vendor:covalentmodel:enterprise ready serverscope:eqversion:2.1

Trust: 0.3

vendor:computermodel:associates etrust security command centerscope:eqversion:1.0

Trust: 0.3

vendor:compaqmodel:tru64 bscope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64 ascope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64scope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64 ascope:eqversion:5.0

Trust: 0.3

vendor:compaqmodel:tru64 gscope:eqversion:4.0

Trust: 0.3

vendor:compaqmodel:tru64 fscope:eqversion:4.0

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.3

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.3

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2.1

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2-2

Trust: 0.3

vendor:compaqmodel:openvms -1h2 alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms -1h1 alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.1-2

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.1

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.1

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:6.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:6.2

Trust: 0.3

vendor:compaqmodel:openvmsscope:eqversion:6.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:neversion:4.0.5

Trust: 0.3

vendor:opensslmodel:project openssl bscope:neversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl jscope:neversion:0.9.6

Trust: 0.3

vendor:opensshmodel:opensshscope:neversion:3.6.1

Trust: 0.3

vendor:hpmodel:hp-ux apache-based web serverscope:neversion:1.0.07.01

Trust: 0.3

vendor:cryptomodel:crypto++ libraryscope:neversion:5.1

Trust: 0.3

sources: CERT/CC: VU#997481 // BID: 7101 // JVNDB: JVNDB-2003-000098 // CNNVD: CNNVD-200303-116 // NVD: CVE-2003-0147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0147
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#997481
value: 9.42

Trust: 0.8

NVD: CVE-2003-0147
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200303-116
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2003-0147
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#997481 // JVNDB: JVNDB-2003-000098 // CNNVD: CNNVD-200303-116 // NVD: CVE-2003-0147

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-116

TYPE

Configuration Error

Trust: 0.9

sources: BID: 7101 // CNNVD: CNNVD-200303-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000098

PATCH

title:Top Pageurl:http://www.apache.org/

Trust: 0.8

title:HPSBUX00280url:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00954663

Trust: 0.8

title:HPSBUX0304-255url:http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0304-255

Trust: 0.8

title:HPSBUX0309-280url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0309-280.html

Trust: 0.8

title:HPSBUX0304-255url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0304-255.html

Trust: 0.8

title:secadv_20030317url:http://www.openssl.org/news/secadv_20030317.txt

Trust: 0.8

title:RHSA-2003:205url:http://rhn.redhat.com/errata/RHSA-2003-205.html

Trust: 0.8

title:RHSA-2003:102url:http://rhn.redhat.com/errata/RHSA-2003-102.html

Trust: 0.8

title:RHSA-2003:101url:https://rhn.redhat.com/errata/RHSA-2003-101.html

Trust: 0.8

title:56380url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1

Trust: 0.8

title:56380url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3

Trust: 0.8

title:4 Apache & SSL Security 2.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng&nav=patchpage

Trust: 0.8

title:XTR Apache & SSL Security 1.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng&nav=patchpage

Trust: 0.8

title:550 Apache & SSL Security 0.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng&nav=patchpage

Trust: 0.8

title:TLSA-2003-22url:http://www.turbolinux.com/security/2003/TLSA-2003-22.txt

Trust: 0.8

title:#62url:http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf

Trust: 0.8

title:RHSA-2003:205url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-205J.html

Trust: 0.8

title:RHSA-2003:102url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-102J.html

Trust: 0.8

title:RHSA-2003:101url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-101J.html

Trust: 0.8

title:TLSA-2003-22url:http://www.turbolinux.co.jp/security/2003/TLSA-2003-22j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2003-000098

EXTERNAL IDS

db:NVDid:CVE-2003-0147

Trust: 2.7

db:CERT/CCid:VU#997481

Trust: 1.8

db:BIDid:7101

Trust: 1.1

db:JVNDBid:JVNDB-2003-000098

Trust: 0.8

db:CNNVDid:CNNVD-200303-116

Trust: 0.6

sources: CERT/CC: VU#997481 // BID: 7101 // JVNDB: JVNDB-2003-000098 // CNNVD: CNNVD-200303-116 // NVD: CVE-2003-0147

REFERENCES

url:http://www.securityfocus.com/archive/1/316165/30/25370/threaded

Trust: 4.0

url:http://www.securityfocus.com/archive/1/316577/30/25310/threaded

Trust: 4.0

url:http://www.openssl.org/news/secadv_20030317.txt

Trust: 2.8

url:ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt

Trust: 2.0

url:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i

Trust: 2.0

url:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html

Trust: 2.0

url:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

Trust: 2.0

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104766550528628&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104792570615648&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104819602408063&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104829040921835&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104861762028637&w=2

Trust: 2.0

url:http://www.debian.org/security/2003/dsa-288

Trust: 2.0

url:http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml

Trust: 2.0

url:http://www.kb.cert.org/vuls/id/997481

Trust: 2.0

url:http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035

Trust: 2.0

url:http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html

Trust: 2.0

url:http://www.redhat.com/support/errata/rhsa-2003-101.html

Trust: 2.0

url:http://www.redhat.com/support/errata/rhsa-2003-102.html

Trust: 2.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466

Trust: 2.0

url:http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

Trust: 1.1

url:http://ietf.org/rfc/rfc2246.txt

Trust: 0.8

url:http://wp.netscape.com/eng/ssl3/draft302.txt

Trust: 0.8

url:http://www.cryptography.com/resources/whitepapers/timingattacks.pdf

Trust: 0.8

url:http://www.bell-labs.com/user/bleichen/papers/chosen.ps

Trust: 0.8

url:ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf

Trust: 0.8

url:ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf

Trust: 0.8

url:http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf

Trust: 0.8

url:http://islab.oregonstate.edu/documents/people/blaze/quantize.shar

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147

Trust: 0.8

url:http://www.securiteam.com/unixfocus/5fp0c209fe.html

Trust: 0.8

url:http://www.securityfocus.com/bid/7101

Trust: 0.8

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://www.eskimo.com/~weidai/cryptlib.html

Trust: 0.3

url:http://www.openbsd.org/errata31.html#kadmin

Trust: 0.3

url:http://www.openbsd.org/errata32.html

Trust: 0.3

url:http://www.oracle.com/ip/deploy/ias/index.html

Trust: 0.3

url:http://metalink.oracle.com

Trust: 0.3

url:http://www.covalent.net/support/rotate.php?page=109

Trust: 0.3

url:http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf

Trust: 0.3

url:/archive/1/315884

Trust: 0.3

url:/archive/1/315904

Trust: 0.3

url:/archive/1/315292

Trust: 0.3

url:/archive/1/315069

Trust: 0.3

sources: CERT/CC: VU#997481 // BID: 7101 // JVNDB: JVNDB-2003-000098 // NVD: CVE-2003-0147

CREDITS

David Brumley and Dan Boneh.

Trust: 0.6

sources: CNNVD: CNNVD-200303-116

SOURCES

db:CERT/CCid:VU#997481
db:BIDid:7101
db:JVNDBid:JVNDB-2003-000098
db:CNNVDid:CNNVD-200303-116
db:NVDid:CVE-2003-0147

LAST UPDATE DATE

2024-11-22T22:58:35.946000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#997481date:2004-08-25T00:00:00
db:BIDid:7101date:2009-07-11T21:06:00
db:JVNDBid:JVNDB-2003-000098date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200303-116date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0147date:2024-11-20T23:44:05.270

SOURCES RELEASE DATE

db:CERT/CCid:VU#997481date:2003-03-25T00:00:00
db:BIDid:7101date:2003-03-14T00:00:00
db:JVNDBid:JVNDB-2003-000098date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200303-116date:2003-03-31T00:00:00
db:NVDid:CVE-2003-0147date:2003-03-31T05:00:00