CVE-2017-1000385
MEDIUM
5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM
4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,8328
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
203
Observable Discrepancy
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Potential Impacts:
Read Application Data
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
Application
Erlang\/Otp by Erlang
CPE Identifier
View Detailed Analysis
cpe:2.3:a:erlang:erlang\/otp:19.3.6.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Erlang\/Otp by Erlang
CPE Identifier
View Detailed Analysis
cpe:2.3:a:erlang:erlang\/otp:18.3.4.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Erlang\/Otp by Erlang
CPE Identifier
View Detailed Analysis
cpe:2.3:a:erlang:erlang\/otp:20.1.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://erlang.org/pipermail/erlang-questions/2017-November/094255.html
http://erlang.org/pipermail/erlang-questions/2017-November/094256.html
http://erlang.org/pipermail/erlang-questions/2017-November/094257.html
https://access.redhat.com/errata/RHSA-2018:0242
https://access.redhat.com/errata/RHSA-2018:0303
https://access.redhat.com/errata/RHSA-2018:0368
https://access.redhat.com/errata/RHSA-2018:0528
https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html
https://robotattack.org/
https://usn.ubuntu.com/3571-1/
https://www.debian.org/security/2017/dsa-4057
https://www.kb.cert.org/vuls/id/144389
http://www.securityfocus.com/bid/102197
http://erlang.org/pipermail/erlang-questions/2017-November/094255.html
http://erlang.org/pipermail/erlang-questions/2017-November/094256.html
http://erlang.org/pipermail/erlang-questions/2017-November/094257.html
https://access.redhat.com/errata/RHSA-2018:0242
https://access.redhat.com/errata/RHSA-2018:0303
https://access.redhat.com/errata/RHSA-2018:0368
https://access.redhat.com/errata/RHSA-2018:0528
https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html
https://robotattack.org/
https://usn.ubuntu.com/3571-1/
https://www.debian.org/security/2017/dsa-4057
https://www.kb.cert.org/vuls/id/144389
http://www.securityfocus.com/bid/102197