CVE-2008-7128

The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
xysslxyssl
𝑥
≤ 0.8
xysslxyssl
0.1
xysslxyssl
0.2
xysslxyssl
0.3
xysslxyssl
0.4
xysslxyssl
0.5
xysslxyssl
0.6
xysslxyssl
0.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xyssl
raring
dne
quantal
dne
precise
dne
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://polarssl.org/?archive#001c
http://www.vupen.com/english/advisories/2008/0917/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41253
http://polarssl.org/?archive#001c
http://www.vupen.com/english/advisories/2008/0917/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41253