CVE-2011-2683

Опубликовано: 23 окт. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack.

Ссылки

http://www.openwall.com/lists/oss-security/2011/07/06/8
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/02/08/5
Mailing List
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594
Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/07/06/8
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/02/08/5
Mailing List
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/reseed/+bug/804594
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:reseed_project:reseed:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

CVE-2011-2683

CVSS3: 5.9

ubuntu

около 8 лет назад

CVE-2011-2683

CVSS3: 5.9

debian

около 8 лет назад

reseed seeds random numbers from an insecure HTTP request to random.or ...

GHSA-ppfm-wxvv-g4mw

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 56%

0.0034

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-254