Описание
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | not-affected | code not compiled |
| lucid | not-affected | code not compiled |
| natty | not-affected | code not compiled |
| oneiric | not-affected | 1.0.0e-2ubuntu4.6 |
| precise | not-affected | |
| upstream | not-affected | code not compiled |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | not-affected | code not compiled |
| precise | not-affected | code not compiled |
| upstream | needs-triage |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
EPSS
4 Medium
CVSS2