exploitDog

CVE-2017-1712

Опубликовано: 01 июл. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*

Версия до 9.0.1 (исключая)

EPSS

Процентиль: 40%

0.00185

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-f8fm-hvxr-8735

github

больше 3 лет назад

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."

EPSS

Процентиль: 40%

0.00185

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-326