Vulnerability Details: CVE-2015-7744
Potential exploit
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
Products affected by CVE-2015-7744
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Threat overview for CVE-2015-7744
- Top open port discovered on systems with this issue: 3306
- IPs affected by CVE-2015-7744: 454,695
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-7744
- 1.57%: probability of exploitation activity in the next 30 days
- ~80%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7744
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N | 4.9 | 2.9 | NIST | |
| 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |
References for CVE-2015-7744
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  Oracle Critical Patch Update - January 2016. Tags: Vendor Advisory
- https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
  Factoring RSA Keys With TLS Perfect Forward Secrecy - Red Hat Customer Portal. Tags: Exploit; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html
  [security-announce] openSUSE-SU-2016:0377-1: important: Security update. Tags: Mailing List; Third Party Advisory
- https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html
  Two Vulnerabilities Recently Found, An Attack on RSA using CRT and DoS Vulnerability With DTLS - wolfSSL. Tags: Vendor Advisory
- http://www.securitytracker.com/id/1034708
  MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges - SecurityTracker. Tags: Broken Link; Third Party Advisory; VDB Entry
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016. Tags: Third Party Advisory
- https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
  Tags: Exploit; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
  [security-announce] openSUSE-SU-2016:0367-1: important: Security update. Tags: Mailing List; Third Party Advisory
- http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html
  wolfSSL Changelog | wolfSSL Embedded SSL/TLS Library Documentation. Tags: Release Notes; Vendor Advisory