Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7128

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-7128
Last Modified 31 Aug 2009 12:00:00
Published 31 Aug 2009 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7128

Summary

The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Bleichenbacher attacks using chosen ciphertext, which allows remote attackers to recover keys via unspecified vectors.

Vulnerable Systems

Application

  • Xyssl 0.1

  • Xyssl 0.2

  • Xyssl 0.3

  • Xyssl 0.4

  • Xyssl 0.5

  • Xyssl 0.6

  • Xyssl 0.7

  • Xyssl 0.8


References

XF - xyssl-sslparseclient-security-bypass(41253)

VUPEN - ADV-2008-0917

CONFIRM - http://polarssl.org/?archive#001c


Last Updated: 27 May 2016 10:49:28