oval:org.mitre.oval:def:24249
Definition Id: oval:org.mitre.oval:def:24249 | |||
Oval ID: | oval:org.mitre.oval:def:24249 | ||
Title: | Vulnerability in OpenSSL before 0.9.8h on 32-bit platforms, allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts | ||
Description: | crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4354 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|