PT-2003-1110 · Openssl · Openssl
Ondřej Pokorný +2 · Published 2003-03-21 · Updated 2018-10-19
CVE-2003-0131
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.5a through 0.9.6i
OpenSSL versions 0.9.7 and 0.9.7a
Description
The issue affects the SSL and TLS components of OpenSSL, allowing remote attackers to perform unauthorized RSA private key operations via a modified Bleichenbacher attack. This attack, also known as the Klima-Pokorny-Rosa attack, uses a large number of SSL or TLS connections with PKCS #1 v1.5 padding to cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext. The exploitation of these vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information.
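An added example (not OpenSSL's code and not part of the original advisory) of the usual defence against this kind of PKCS #1 v1.5 leak: every failure while processing the RSA-encrypted premaster secret is handled identically, by continuing with a random secret. The function names and sample bytes are assumptions constructed for illustration.

```python
import hmac
import os

PMS_LEN = 48  # TLS premaster secret: 2 client-version bytes + 46 random bytes


def unpad_pkcs1_v15(em):
    """Parse an RSA-decrypted block: 00 02 <PS, 8+ nonzero bytes> 00 <message>.

    Returns (ok, message); ok is False for any malformed block.
    """
    ok = len(em) >= 11 and em[0] == 0 and em[1] == 2
    sep = em.find(b"\x00", 2)  # first zero byte after the 00 02 header
    ok = ok and sep >= 10      # padding string must be at least 8 bytes
    return ok, (em[sep + 1:] if ok else b"")


def recover_premaster(em, client_hello_version):
    """Return the premaster secret the handshake continues with.

    Bad padding, wrong length and wrong version all end the same way: a
    random secret is used and the handshake fails later at the Finished
    check, so the peer never learns which test the ciphertext failed.
    """
    fallback = os.urandom(PMS_LEN)  # drawn on every call, before any check
    ok, msg = unpad_pkcs1_v15(em)
    ok = ok and len(msg) == PMS_LEN
    ok = ok and hmac.compare_digest(msg[:2], client_hello_version)
    # Python gives no constant-time guarantee; this shows the uniform
    # outcome, not a timing-safe implementation.
    return msg if ok else fallback


def make_block(msg, ps=b"\xff" * 8):
    """Constructed sample input: what RSA decryption would hand back."""
    return b"\x00\x02" + ps + b"\x00" + msg


if __name__ == "__main__":
    version = b"\x03\x01"  # constructed: version offered in the ClientHello
    cases = {
        "valid": make_block(version + bytes(46)),
        "wrong version": make_block(b"\x03\x00" + bytes(46)),
        "bad padding": b"\x00\x01" + make_block(version + bytes(46))[2:],
    }
    for name, em in cases.items():
        pms = recover_premaster(em, version)
        print(f"{name:14s} -> {len(pms)}-byte secret, no error raised")
```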
Recommendations
For OpenSSL versions 0.9.5a through 0.9.6i, update to a version later than 0.9.6i to resolve the issue.
For OpenSSL versions 0.9.7 and 0.9.7a, update to a version later than 0.9.7a to resolve the issue.
As a temporary workaround, consider restricting access to the SSL and TLS components until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Openssl