CVE-2008-7128

Published Aug 31, 2009

Last updated 7 years ago

CVSS info 7.5

Overview

Description: The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E54F52B-1D44-45CE-A4FB-4084E52FCAD7",
            "versionEndIncluding": "0.8"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FF85863-AE04-4B1E-87AA-5D32B3D28A51"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE0643D9-E251-4EC7-BC24-BBCA5BA6CD8C"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4018A22E-F8C7-4A2E-BBC7-1A360BEEC868"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21128DCE-2FEA-4038-9FA3-167C1BA9B041"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFD8E9D-3CAF-4BC6-B5F2-5DE27A53E8C7"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4116FDA1-E82E-436F-9E5A-80CBB5512EE5"
          },
          {
            "criteria": "cpe:2.3:a:xyssl:xyssl:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "232BBEA4-E2B6-4667-AD6D-DECF21647316"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References