mod_ssl Information for VU#888801
SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension
- Vendor Information Help Date Notified: 18 Apr 2003
- Statement Date:
- Date Updated: 22 Apr 2003
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
mod_ssl itself is not directly vulnerable. To address this vulnerability in an Apache 1.3.x/mod_ssl system, however, mod_ssl needs to be linked against a patched/updated (0.9.7b/0.9.6j) version of OpenSSL.
If you have feedback, comments, or additional information about this vulnerability, please send us email.