CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.6%

CVSS Severity

CVSS v2 Score 6.4

References

http://secunia.com/advisories/27859
http://www.kb.cert.org/vuls/id/150249
http://www.openssl.org/news/secadv_20071129.txt
http://www.securityfocus.com/bid/26652
http://www.securitytracker.com/id?1019029
http://www.vupen.com/english/advisories/2007/4044
https://exchange.xforce.ibmcloud.com/vulnerabilities/38796
http://secunia.com/advisories/27859
http://www.kb.cert.org/vuls/id/150249
http://www.openssl.org/news/secadv_20071129.txt
http://www.securityfocus.com/bid/26652
http://www.securitytracker.com/id?1019029
http://www.vupen.com/english/advisories/2007/4044
https://exchange.xforce.ibmcloud.com/vulnerabilities/38796

Products affected by CVE-2007-5502

Openssl » Fips Object Module » Version: 1.1.1

cpe:2.3:a:openssl:fips_object_module:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5502

Products

Pricing

Contact Us