JVN/CVE Demo: Cveinfos

CVE

Id: 6976
CVE No.: CVE-2003-0147
Status: Candidate
Description: OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server"s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Phase: Modified (20071129)
Votes: ACCEPT(4) Baker, Cole, Green, Wall | MODIFY(1) Cox | NOOP(1) Christey
Comments: Christey> ENGARDE:ESA-20030320-010 | BUGTRAQ:20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104819602408063&w=2 | Christey> FREEBSD:FreeBSD-SA-03:06.openssl | Cox> Addref:http://www.openssl.org/news/secadv_20030317.txt | Christey> MANDRAKE:MDKSA-2003:035 | URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035 | Christey> BUGTRAQ:20030325 GLSA: stunnel (200303-24) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104861762028637&w=2 | | Need to change desc to include stunnel | Cox> REDHAT:RHSA-2003:102 | URL:http://www.redhat.com/support/errata/RHSA-2003-102.html | Cox> REDHAT:RHSA-2003:101 | URL:http://www.redhat.com/support/errata/RHSA-2003-101.html | Christey> CONECTIVA:CLA-2003:625 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 | Christey> DEBIAN:DSA-288 | URL:http://www.debian.org/security/2003/dsa-288 | Christey> MANDRAKE:MDKSA-2003:035 | (as suggested by Vincent Danen of Mandrake) | Christey> SGI:20030501-01-I | URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I | Christey> REDHAT:RHSA-2003:205 | Christey> CERT-VN:VU#997481 | URL:http://www.kb.cert.org/vuls/id/997481

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
40548	6976	CVE-2003-0147	BUGTRAQ:20030313 Vulnerability in OpenSSL	View
40549	6976	CVE-2003-0147	URL:http://marc.info/?l=bugtraq&m=104766550528628&w=2	View
40550	6976	CVE-2003-0147	BUGTRAQ:20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL	View
40551	6976	CVE-2003-0147	URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded	View
40552	6976	CVE-2003-0147	BUGTRAQ:20030327 Immunix Secured OS 7+ openssl update	View
40553	6976	CVE-2003-0147	URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded	View
40554	6976	CVE-2003-0147	VULNWATCH:20030313 OpenSSL Private Key Disclosure	View
40555	6976	CVE-2003-0147	URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html	View
40556	6976	CVE-2003-0147	CONFIRM:http://www.openssl.org/news/secadv_20030317.txt	View
40557	6976	CVE-2003-0147	BUGTRAQ:20030317 [ADVISORY] Timing Attack on OpenSSL	View
40558	6976	CVE-2003-0147	URL:http://marc.info/?l=bugtraq&m=104792570615648&w=2	View
40559	6976	CVE-2003-0147	MISC:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf	View
40560	6976	CVE-2003-0147	APPLE:APPLE-SA-2003-03-24	View
40561	6976	CVE-2003-0147	URL:http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded	View
40562	6976	CVE-2003-0147	CALDERA:CSSA-2003-014.0	View
40563	6976	CVE-2003-0147	URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt	View
40564	6976	CVE-2003-0147	CONECTIVA:CLA-2003:625	View
40565	6976	CVE-2003-0147	URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625	View
40566	6976	CVE-2003-0147	DEBIAN:DSA-288	View
40567	6976	CVE-2003-0147	URL:http://www.debian.org/security/2003/dsa-288	View
40568	6976	CVE-2003-0147	ENGARDE:ESA-20030320-010	View
40569	6976	CVE-2003-0147	FREEBSD:FreeBSD-SA-03:06	View
40570	6976	CVE-2003-0147	GENTOO:GLSA-200303-24	View
40571	6976	CVE-2003-0147	URL:http://marc.info/?l=bugtraq&m=104861762028637&w=2	View
40572	6976	CVE-2003-0147	GENTOO:GLSA-200303-15	View
40573	6976	CVE-2003-0147	URL:http://marc.info/?l=bugtraq&m=104829040921835&w=2	View
40574	6976	CVE-2003-0147	GENTOO:GLSA-200303-23	View
40575	6976	CVE-2003-0147	URL:http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml	View
40576	6976	CVE-2003-0147	IMMUNIX:IMNX-2003-7+-001-01	View
40577	6976	CVE-2003-0147	URL:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded	View
40578	6976	CVE-2003-0147	MANDRAKE:MDKSA-2003:035	View
40579	6976	CVE-2003-0147	URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035	View
40580	6976	CVE-2003-0147	OPENPKG:OpenPKG-SA-2003.019	View
40581	6976	CVE-2003-0147	URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html	View
40582	6976	CVE-2003-0147	REDHAT:RHSA-2003:101	View
40583	6976	CVE-2003-0147	URL:http://www.redhat.com/support/errata/RHSA-2003-101.html	View
40584	6976	CVE-2003-0147	REDHAT:RHSA-2003:102	View
40585	6976	CVE-2003-0147	URL:http://www.redhat.com/support/errata/RHSA-2003-102.html	View
40586	6976	CVE-2003-0147	REDHAT:RHSA-2003:205	View
40587	6976	CVE-2003-0147	SGI:20030501-01-I	View
40588	6976	CVE-2003-0147	URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I	View
40589	6976	CVE-2003-0147	BUGTRAQ:20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)	View
40590	6976	CVE-2003-0147	URL:http://marc.info/?l=bugtraq&m=104819602408063&w=2	View
40591	6976	CVE-2003-0147	CERT-VN:VU#997481	View
40592	6976	CVE-2003-0147	URL:http://www.kb.cert.org/vuls/id/997481	View
40593	6976	CVE-2003-0147	OVAL:oval:org.mitre.oval:def:466	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.31 MB
View render complete	2.79 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.80
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	474.81
Event: Controller.beforeRender	5.53
» Processing toolbar data	5.43
Rendering View	14.13
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	13.16
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.54
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/6976
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/6976
Remote Port	46403
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	18.218.108.184
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	18.218.108.184
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	18.218.108.184
Unique Id	aCSzcvRoHmsg9-KesvUh0wAAAKc
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	18.218.108.184
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	18.218.108.184
Redirect Unique Id	aCSzcvRoHmsg9-KesvUh0wAAAKc
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	18.218.108.184
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	18.218.108.184
Redirect Redirect Unique Id	aCSzcvRoHmsg9-KesvUh0wAAAKc
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747235698.6158
Request Time	1747235698

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files