← voltar
CVE-2018-16868

CVE-2018-16868

CVSS 4.7 MEDIUMEPSS 0.6%CWE-203
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
03 dez 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
[UNKNOWN] · gnutls

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://cat.eyalro.net/http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00068.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868http://www.securityfocus.com/bid/106080