Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSL Security Vulnerability
Vulnerability Description
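In implementing the SSL/TLS family of protocols (SSL, Secure Sockets Layer; TLS, Transport Layer Security; used to provide confidentiality and integrity protection when two applications communicate), OpenSSL supports multiple versions of the SSL protocol, including SSLv2 and SSLv3. A security vulnerability exists in OpenSSL's SSLv2 implementation. An attacker can exploit the vulnerability numbered CNNVD-201603-001 to launch a DROWN attack and decrypt session data encrypted with the TLS protocol, and can exploit the vulnerability numbered CNNVD-201603-005 to shorten the time needed to complete that attack. The following versions are affected: OpenSSL versions before 0.9.8zf, 1.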
CVSS Information
N/A
Vulnerability Type
N/A