Sign-up

ID

VAR-200303-0010


CVE

CVE-2003-0147


TITLE

OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 7101 // CNNVD: CNNVD-200303-116

DESCRIPTION

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation

Trust: 2.61

sources: NVD: CVE-2003-0147 // CERT/CC: VU#997481 // JVNDB: JVNDB-2003-000098 // BID: 7101

AFFECTED PRODUCTS

vendor:stunnelmodel:stunnelscope:eqversion:4.04

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.03

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.02

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.01

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.22

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.21

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.19

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.18

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:3.20

Trust: 1.9

vendor:stunnelmodel:stunnelscope:eqversion:4.0

Trust: 1.6

vendor:stunnelmodel:stunnelscope:eqversion:3.17

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.16

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.15

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.14

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.13

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.12

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.11

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.9

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.8

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.7

Trust: 1.3

vendor:stunnelmodel:stunnelscope:eqversion:3.10

Trust: 1.3

vendor:openpkgmodel:openpkgscope:eqversion:1.2

Trust: 1.3

vendor:openpkgmodel:openpkgscope:eqversion:1.1

Trust: 1.3

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:openpkgmodel:openpkgscope:eqversion:*

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:conectivamodel: - scope: - version: -

Trust: 0.8

vendor:covalentmodel: - scope: - version: -

Trust: 0.8

vendor:cryptomodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:foundrymodel: - scope: - version: -

Trust: 0.8

vendor:fresshmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:gnu libgcryptmodel: - scope: - version: -

Trust: 0.8

vendor:gnu tlsmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:guardian digitalmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:hitachimodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:intotomodel: - scope: - version: -

Trust: 0.8

vendor:mandrakesoftmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openpkgmodel: - scope: - version: -

Trust: 0.8

vendor:opensshmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:sgimodel: - scope: - version: -

Trust: 0.8

vendor:ssh securitymodel: - scope: - version: -

Trust: 0.8

vendor:slackwaremodel: - scope: - version: -

Trust: 0.8

vendor:sorceror linuxmodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:stunnelmodel: - scope: - version: -

Trust: 0.8

vendor:the sco groupmodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:vandykemodel: - scope: - version: -

Trust: 0.8

vendor:wirexmodel: - scope: - version: -

Trust: 0.8

vendor:cryptlibmodel: - scope: - version: -

Trust: 0.8

vendor:esoftmodel: - scope: - version: -

Trust: 0.8

vendor:mod sslmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:lteversion:2.0.44

Trust: 0.8

vendor:openbsdmodel:opensshscope:lteversion:3.5

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.6j

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.7b

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:1.0.2.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9.0.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:8.1.7.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.0.1.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.2

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.4

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq4scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq550scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raqxtrscope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:2.6 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:2.6 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:7.0 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:7.0 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:6.5

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.00

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.20

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.22

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:6.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.1

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:9

Trust: 0.8

vendor:vandykemodel:securecrtscope:eqversion:4.0.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:4.0.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:4.0.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:4.0.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.8

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.7

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.6

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.5

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.4

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.3

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.2.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.2.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.1.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.1.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.1

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:3.0

Trust: 0.3

vendor:vandykemodel:securecrtscope:eqversion:2.4

Trust: 0.3

vendor:sunmodel:cobalt raq xtrscope: - version: -

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:550

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:4

Trust: 0.3

vendor:sunmodel:cobalt qubescope:eqversion:3

Trust: 0.3

vendor:stunnelmodel:stunnelscope:eqversion:4.00

Trust: 0.3

vendor:sshmodel:communications security ipsec express toolkitscope: - version: -

Trust: 0.3

vendor:sshmodel:communications security certificate/tls toolkitscope: - version: -

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.19

Trust: 0.3

vendor:redhatmodel:mgetty-sendfax-1.1.14-8.i386.rpmscope:eqversion:2.2

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.0

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.3

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.2

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:oraclemodel:oracle9i application server .1sscope:eqversion:1.0.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:8.1.7

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:openpkgmodel:currentscope: - version: -

Trust: 0.3

vendor:mod sslmodel:mod sslscope:eqversion:2.8.14

Trust: 0.3

vendor:intotomodel:igatewayscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.22

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.11

Trust: 0.3

vendor:hpmodel:hp-uxscope:eqversion:11.0

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.5

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.4

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.3

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.2

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.1

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.0

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.12

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.11

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.10

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.9

Trust: 0.3

vendor:gnumodel:libgcryptscope:eqversion:1.1.8

Trust: 0.3

vendor:foundrymodel:networks ironviewscope: - version: -

Trust: 0.3

vendor:f5model:big-ip blade controller ptf-01scope:eqversion:4.2.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.4

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.2

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.5

Trust: 0.3

vendor:cryptomodel:crypto++ libraryscope:eqversion:5.0

Trust: 0.3

vendor:cryptomodel:crypto++ libraryscope:eqversion:4.2

Trust: 0.3

vendor:covalentmodel:fast start serverscope:eqversion:3.3

Trust: 0.3

vendor:covalentmodel:fast start serverscope:eqversion:3.2

Trust: 0.3

vendor:covalentmodel:fast start serverscope:eqversion:3.1

Trust: 0.3

vendor:covalentmodel:enterprise ready serverscope:eqversion:2.3

Trust: 0.3

vendor:covalentmodel:enterprise ready serverscope:eqversion:2.2

Trust: 0.3

vendor:covalentmodel:enterprise ready serverscope:eqversion:2.1

Trust: 0.3

vendor:computermodel:associates etrust security command centerscope:eqversion:1.0

Trust: 0.3

vendor:compaqmodel:tru64 bscope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64 ascope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64scope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64 ascope:eqversion:5.0

Trust: 0.3

vendor:compaqmodel:tru64 gscope:eqversion:4.0

Trust: 0.3

vendor:compaqmodel:tru64 fscope:eqversion:4.0

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.3

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.3

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2.1

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2-2

Trust: 0.3

vendor:compaqmodel:openvms -1h2 alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms -1h1 alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.1-2

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.1

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.1

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:6.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:6.2

Trust: 0.3

vendor:compaqmodel:openvmsscope:eqversion:6.2

Trust: 0.3

vendor:vandykemodel:securecrtscope:neversion:4.0.5

Trust: 0.3

vendor:opensslmodel:project openssl bscope:neversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl jscope:neversion:0.9.6

Trust: 0.3

vendor:opensshmodel:opensshscope:neversion:3.6.1

Trust: 0.3

vendor:hpmodel:hp-ux apache-based web serverscope:neversion:1.0.07.01

Trust: 0.3

vendor:cryptomodel:crypto++ libraryscope:neversion:5.1

Trust: 0.3

sources: CERT/CC: VU#997481 // BID: 7101 // JVNDB: JVNDB-2003-000098 // NVD: CVE-2003-0147 // CNNVD: CNNVD-200303-116

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2003-0147
value: MEDIUM

Trust: 1.8

CARNEGIE MELLON: VU#997481
value: 9.42

Trust: 0.8

CNNVD: CNNVD-200303-116
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2003-0147
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: CERT/CC: VU#997481 // JVNDB: JVNDB-2003-000098 // NVD: CVE-2003-0147 // CNNVD: CNNVD-200303-116

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-116

TYPE

Configuration Error

Trust: 0.9

sources: BID: 7101 // CNNVD: CNNVD-200303-116

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2003-0147

PATCH
title:Top Pageurl:http://www.apache.org/
Trust: 0.8
title:HPSBUX00280url:http://www1.itrc.hp.com/service/cki/docdisplay.do?docid=c00954663
Trust: 0.8
title:HPSBUX0304-255url:http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=hpsbux0304-255
Trust: 0.8
title:HPSBUX0309-280url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0309-280.html
Trust: 0.8
title:HPSBUX0304-255url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux0304-255.html
Trust: 0.8
title:secadv_20030317url:http://www.openssl.org/news/secadv_20030317.txt
Trust: 0.8
title:RHSA-2003:205url:http://rhn.redhat.com/errata/rhsa-2003-205.html
Trust: 0.8
title:RHSA-2003:102url:http://rhn.redhat.com/errata/rhsa-2003-102.html
Trust: 0.8
title:RHSA-2003:101url:https://rhn.redhat.com/errata/rhsa-2003-101.html
Trust: 0.8
title:56380url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1
Trust: 0.8
title:56380url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3
Trust: 0.8
title:4 Apache & SSL Security 2.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng&nav=patchpage
Trust: 0.8
title:XTR Apache & SSL Security 1.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng&nav=patchpage
Trust: 0.8
title:550 Apache & SSL Security 0.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng&nav=patchpage
Trust: 0.8
title:TLSA-2003-22url:http://www.turbolinux.com/security/2003/tlsa-2003-22.txt
Trust: 0.8
title:#62url:http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf
Trust: 0.8
title:RHSA-2003:205url:http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-205j.html
Trust: 0.8
title:RHSA-2003:102url:http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-102j.html
Trust: 0.8
title:RHSA-2003:101url:http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-101j.html
Trust: 0.8
title:TLSA-2003-22url:http://www.turbolinux.co.jp/security/2003/tlsa-2003-22j.txt
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2003-000098

EXTERNAL IDS
db:NVDid:CVE-2003-0147
Trust: 2.7
db:CERT/CCid:VU#997481
Trust: 1.8
db:BIDid:7101
Trust: 1.1
db:JVNDBid:JVNDB-2003-000098
Trust: 0.8
db:CNNVDid:CNNVD-200303-116
Trust: 0.6
sources:
            
            
            CERT/CC: VU#997481 // 
            
            
            
            BID: 7101 // 
            
            
            
            JVNDB: JVNDB-2003-000098 // 
            
            
            
            NVD: CVE-2003-0147 // 
            
            
            
            CNNVD: CNNVD-200303-116

REFERENCES
url:http://www.openssl.org/news/secadv_20030317.txt
Trust: 1.8
url:http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
Trust: 1.1
url:ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt
Trust: 1.0
url:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i
Trust: 1.0
url:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Trust: 1.0
url:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Trust: 1.0
url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=104766550528628&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=104792570615648&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=104819602408063&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=104829040921835&w=2
Trust: 1.0
url:http://marc.info/?l=bugtraq&m=104861762028637&w=2
Trust: 1.0
url:http://www.debian.org/security/2003/dsa-288
Trust: 1.0
url:http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
Trust: 1.0
url:http://www.kb.cert.org/vuls/id/997481
Trust: 1.0
url:http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035
Trust: 1.0
url:http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html
Trust: 1.0
url:http://www.redhat.com/support/errata/rhsa-2003-101.html
Trust: 1.0
url:http://www.redhat.com/support/errata/rhsa-2003-102.html
Trust: 1.0
url:http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Trust: 1.0
url:http://www.securityfocus.com/archive/1/316577/30/25310/threaded
Trust: 1.0
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466
Trust: 1.0
url:http://ietf.org/rfc/rfc2246.txt
Trust: 0.8
url:http://wp.netscape.com/eng/ssl3/draft302.txt
Trust: 0.8
url:http://www.cryptography.com/resources/whitepapers/timingattacks.pdf
Trust: 0.8
url:http://www.bell-labs.com/user/bleichen/papers/chosen.ps
Trust: 0.8
url:ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf
Trust: 0.8
url:ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf
Trust: 0.8
url:http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf
Trust: 0.8
url:http://islab.oregonstate.edu/documents/people/blaze/quantize.shar
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147
Trust: 0.8
url:http://www.securiteam.com/unixfocus/5fp0c209fe.html
Trust: 0.8
url:http://www.securityfocus.com/bid/7101
Trust: 0.8
url:http://www.info.apple.com/usen/security/security_updates.html
Trust: 0.3
url:http://www.eskimo.com/~weidai/cryptlib.html
Trust: 0.3
url:http://www.openbsd.org/errata31.html#kadmin
Trust: 0.3
url:http://www.openbsd.org/errata32.html
Trust: 0.3
url:http://www.oracle.com/ip/deploy/ias/index.html
Trust: 0.3
url:http://metalink.oracle.com
Trust: 0.3
url:http://www.covalent.net/support/rotate.php?page=109
Trust: 0.3
url:http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf
Trust: 0.3
url:/archive/1/315884
Trust: 0.3
url:/archive/1/315904
Trust: 0.3
url:/archive/1/315292
Trust: 0.3
url:/archive/1/315069
Trust: 0.3
sources:
            
            
            CERT/CC: VU#997481 // 
            
            
            
            BID: 7101 // 
            
            
            
            JVNDB: JVNDB-2003-000098 // 
            
            
            
            NVD: CVE-2003-0147

CREDITS
David Brumley and Dan Boneh.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200303-116

SOURCES
db:CERT/CCid:VU#997481
db:BIDid:7101
db:JVNDBid:JVNDB-2003-000098
db:NVDid:CVE-2003-0147
db:CNNVDid:CNNVD-200303-116

LAST UPDATE DATE
2023-12-18T13:10:54.856000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#997481date:2004-08-25T00:00:00
db:BIDid:7101date:2009-07-11T21:06:00
db:JVNDBid:JVNDB-2003-000098date:2007-04-01T00:00:00
db:NVDid:CVE-2003-0147date:2018-10-19T15:29:26.540
db:CNNVDid:CNNVD-200303-116date:2005-10-20T00:00:00

SOURCES RELEASE DATE
db:CERT/CCid:VU#997481date:2003-03-25T00:00:00
db:BIDid:7101date:2003-03-14T00:00:00
db:JVNDBid:JVNDB-2003-000098date:2007-04-01T00:00:00
db:NVDid:CVE-2003-0147date:2003-03-31T05:00:00
db:CNNVDid:CNNVD-200303-116date:2003-03-31T00:00:00