CVE-2008-7128

EUVD-2008-7087
The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
xysslxyssl
𝑥
≤ 0.8
xysslxyssl
0.1
xysslxyssl
0.2
xysslxyssl
0.3
xysslxyssl
0.4
xysslxyssl
0.5
xysslxyssl
0.6
xysslxyssl
0.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xyssl
dapper
dne
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
dne
quantal
dne
raring
dne
Common Weakness Enumeration
References
http://polarssl.org/?archive#001c
http://www.vupen.com/english/advisories/2008/0917/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41253
http://polarssl.org/?archive#001c
http://www.vupen.com/english/advisories/2008/0917/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41253