Openssl – Padding Oracle and PKCS7
Vulnerability details
An attacker can retrieve the public RSA key used in a CMS/PKCS7 exchange after sending a very large number of message.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
09/20/2019 |
Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 3 
|
Analysis
|
Impacted version
|
An attacker could obtain sensitive information about PKCS7 exchanges.
|
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The SNS 3.7.8 and 3.9.2 updates will fix this vulnerability.
|
Access vector |
Access complexity |
Authentication |
Confidentiality impact |
Integrity impact |
Availability impact |
Network |
High |
None |
Partial |
Partial |
None |
Exploitability |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Collateral Damage Potential |
Target Distribution |
None |
High [76-100%] |