Vulnerability Details CVE-2001-0361
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v2 Score 4.0
References
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
- http://marc.info/?l=bugtraq&m=98158450021686&w=2
- http://www.ciac.org/ciac/bulletins/l-047.shtml
- http://www.debian.org/security/2001/dsa-023
- http://www.debian.org/security/2001/dsa-027
- http://www.debian.org/security/2001/dsa-086
- http://www.novell.com/linux/security/advisories/adv004_ssh.html
- http://www.osvdb.org/2116
- http://www.securityfocus.com/bid/2344
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6082
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
- http://marc.info/?l=bugtraq&m=98158450021686&w=2
- http://www.ciac.org/ciac/bulletins/l-047.shtml
- http://www.debian.org/security/2001/dsa-023
- http://www.debian.org/security/2001/dsa-027
- http://www.debian.org/security/2001/dsa-086
- http://www.novell.com/linux/security/advisories/adv004_ssh.html
- http://www.osvdb.org/2116
- http://www.securityfocus.com/bid/2344
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6082
Products affected by CVE-2001-0361
-
cpe:2.3:a:openbsd:openssh:1.2.3
-
cpe:2.3:a:openbsd:openssh:2.1
-
cpe:2.3:a:openbsd:openssh:2.1.1
-
cpe:2.3:a:ssh:ssh:1.2.0
-
cpe:2.3:a:ssh:ssh:1.2.1
-
cpe:2.3:a:ssh:ssh:1.2.10
-
cpe:2.3:a:ssh:ssh:1.2.11
-
cpe:2.3:a:ssh:ssh:1.2.12
-
cpe:2.3:a:ssh:ssh:1.2.13
-
cpe:2.3:a:ssh:ssh:1.2.14
-
cpe:2.3:a:ssh:ssh:1.2.15
-
cpe:2.3:a:ssh:ssh:1.2.16
-
cpe:2.3:a:ssh:ssh:1.2.17
-
cpe:2.3:a:ssh:ssh:1.2.18
-
cpe:2.3:a:ssh:ssh:1.2.19
-
cpe:2.3:a:ssh:ssh:1.2.2
-
cpe:2.3:a:ssh:ssh:1.2.20
-
cpe:2.3:a:ssh:ssh:1.2.21
-
cpe:2.3:a:ssh:ssh:1.2.22
-
cpe:2.3:a:ssh:ssh:1.2.23
-
cpe:2.3:a:ssh:ssh:1.2.24
-
cpe:2.3:a:ssh:ssh:1.2.25
-
cpe:2.3:a:ssh:ssh:1.2.26
-
cpe:2.3:a:ssh:ssh:1.2.27
-
cpe:2.3:a:ssh:ssh:1.2.28
-
cpe:2.3:a:ssh:ssh:1.2.29
-
cpe:2.3:a:ssh:ssh:1.2.3
-
cpe:2.3:a:ssh:ssh:1.2.30
-
cpe:2.3:a:ssh:ssh:1.2.31
-
cpe:2.3:a:ssh:ssh:1.2.4
-
cpe:2.3:a:ssh:ssh:1.2.5
-
cpe:2.3:a:ssh:ssh:1.2.6
-
cpe:2.3:a:ssh:ssh:1.2.7
-
cpe:2.3:a:ssh:ssh:1.2.8
-
cpe:2.3:a:ssh:ssh:1.2.9