Описание
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
Ссылки
- Issue TrackingMailing ListVendor Advisory
- Issue TrackingMailing ListVendor Advisory
- Issue TrackingMailing ListVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party AdvisoryUS Government Resource
- Issue TrackingMailing ListVendor Advisory
- Issue TrackingMailing ListVendor Advisory
- Issue TrackingMailing ListVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
Одно из
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
The Erlang otp TLS server answers with different TLS alerts to differe ...
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
Уязвимость интерпретатора языка программирования Erlang, связанная с раскрытием информации через несоответствие, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2