Details of VAR-200412-0735

ID

VAR-200412-0735

CVE

CVE-2004-2682

TITLE

PeerSec MatrixSSL Private key vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200412-901

DESCRIPTION

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147. MatrixSSL is prone to a cross-site scripting vulnerability

Trust: 1.17

sources: NVD: CVE-2004-2682 // BID: 82518

AFFECTED PRODUCTS

vendor:	peersec	model:	matrixssl	scope:	lte	version:	1.0	Trust: 1.0
vendor:	peersec	model:	matrixssl	scope:	eq	version:	1.0	Trust: 0.6
vendor:	peersec	model:	networks matrixssl	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 82518 // CNNVD: CNNVD-200412-901 // NVD: CVE-2004-2682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2682
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-901
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2004-2682
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200412-901 // NVD: CVE-2004-2682

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-901

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200412-901

EXTERNAL IDS

db:	NVD	id:	CVE-2004-2682	Trust: 1.9
db:	CNNVD	id:	CNNVD-200412-901	Trust: 0.6
db:	BID	id:	82518	Trust: 0.3

sources: BID: 82518 // CNNVD: CNNVD-200412-901 // NVD: CVE-2004-2682

REFERENCES

url:

http://www.matrixssl.org/archives/000075.html

Trust: 1.9

sources: BID: 82518 // CNNVD: CNNVD-200412-901 // NVD: CVE-2004-2682

CREDITS

Unknown

Trust: 0.3

sources: BID: 82518

SOURCES

db:	BID	id:	82518
db:	CNNVD	id:	CNNVD-200412-901
db:	NVD	id:	CVE-2004-2682

LAST UPDATE DATE

2024-08-14T14:48:06.050000+00:00

SOURCES UPDATE DATE

db:	BID	id:	82518	date:	2004-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200412-901	date:	2007-08-01T00:00:00
db:	NVD	id:	CVE-2004-2682	date:	2008-09-05T20:44:49.577

SOURCES RELEASE DATE

db:	BID	id:	82518	date:	2004-12-31T00:00:00
db:	CNNVD	id:	CNNVD-200412-901	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2682	date:	2004-12-31T05:00:00