Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2001-1141 | First vendor Publication | 2001-07-10 |
Vendor | Cve | Last vendor Modification | 2017-10-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1141 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
853 | OpenSSL PRNG Information Disclosure The pseudo-random number generator (PRNG) in OpenSSL contains a cryptographic design error, such that retrieving the output of a few hundred consecutive short PRNG requests enables attacker prediction of PRNG internal state. In turn, this allows the attacker to predict the subsequent PRNG output, significantly weakening the strength of the encryption. This problem originated in SSLeay and its derivative toolkits, of which OpenSSL is one. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-04 | Name : The remote server is affected by an SSL-related vulnerability. File : openssl_0_9_6b.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2001-065.nasl - Type : ACT_GATHER_INFO |
2002-08-05 | Name : The remote service uses a library that is affected by a buffer overflow vulne... File : openssl_overflow_generic_test.nasl - Type : ACT_MIXED_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:01:49 |
|
2024-02-01 12:01:18 |
|
2023-09-05 12:01:44 |
|
2023-09-05 01:01:09 |
|
2023-09-02 12:01:45 |
|
2023-09-02 01:01:09 |
|
2023-08-12 12:02:06 |
|
2023-08-12 01:01:09 |
|
2023-08-11 12:01:49 |
|
2023-08-11 01:01:10 |
|
2023-08-06 12:01:40 |
|
2023-08-06 01:01:10 |
|
2023-08-04 12:01:44 |
|
2023-08-04 01:01:10 |
|
2023-07-14 12:01:42 |
|
2023-07-14 01:01:11 |
|
2023-03-29 01:01:41 |
|
2023-03-28 12:01:15 |
|
2022-10-11 12:01:31 |
|
2022-10-11 01:01:03 |
|
2021-05-04 12:01:30 |
|
2021-04-22 01:01:39 |
|
2020-05-23 00:14:46 |
|
2017-10-10 09:23:23 |
|
2016-06-28 14:57:26 |
|
2014-02-17 10:24:08 |
|
2013-05-11 12:06:20 |
|