Vulnerability Name: | CVE-2001-0361 (CCN-6082)
Assigned: | 2001-02-07
Published: | 2001-02-07
Updated: | 2018-05-03
Summary: | Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
Vulnerability Type: | CWE-310
Vulnerability Consequences: | Obtain Information
References: |
Source: FREEBSD Type: UNKNOWN FreeBSD-SA-01:24
Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-01:24 ssh
Source: CCN Type: NetBSD Security Advisory 2001-003 Secure Shell vulnerabilities and key generation
Source: MITRE Type: CNA CVE-2001-0361
Source: BUGTRAQ Type: UNKNOWN 20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability
Source: CCN Type: CIAC Information Bulletin L-047 OpenSSH SSH1 Coding Error and Server Key Vulnerability
Source: CIAC Type: UNKNOWN L-047
Source: CCN Type: CIAC Information Bulletin M-017 Multiple SSH Version 1 Vulnerabilities
Source: CCN Type: Cisco Systems Inc. Security Advisory, 2001 June 27 08:00 (UTC -0800) Multiple SSH Vulnerabilities
Source: CCN Type: CORE SDI S.A. Security Advisory CORE-20010116 SSH protocol 1.5 session key recovery vulnerability
Source: DEBIAN Type: UNKNOWN DSA-023
Source: DEBIAN Type: UNKNOWN DSA-027
Source: DEBIAN Type: UNKNOWN DSA-086
Source: DEBIAN Type: DSA-023 inn2 -- local tempfile vulnerabilities
Source: DEBIAN Type: DSA-027 OpenSSH -- remote exploit
Source: DEBIAN Type: DSA-086 ssh-nonfree -- remote root exploit
Source: CCN Type: US-CERT VU#161576 Certain implementations of SSH1 may reveal internal cryptologic state
Source: SUSE Type: UNKNOWN SuSE-SA:2001:04
Source: OSVDB Type: UNKNOWN 2116
Source: CCN Type: OSVDB ID: 2116 PKCS 1 Version 1.5 Session Key Retrieval (Bleichenbacher Attack)
Source: BID Type: Patch, Vendor Advisory 2344
Source: CCN Type: BID-2344 PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
Source: CCN Type: SSH Secure Shell Download Page Download
Source: CCN Type: SuSE Security Announcement SuSE-SA:2001:004 ssh
Source: XF Type: UNKNOWN ssh-session-key-recovery(6082)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: