CVE-2003-0131

CVE-2003-0131 is a high-severity vulnerability in Openssl with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Frequently asked questions

What is CVE-2003-0131?
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
How severe is CVE-2003-0131?
CVE-2003-0131 has a CVSS 2.0 base score of 7.5, rated high severity.
Is CVE-2003-0131 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 6% (93rd percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2003-0131?
CVE-2003-0131 primarily affects Openssl. In total, 11 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2003-0131?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
When was CVE-2003-0131 published?
CVE-2003-0131 was published on 2003-03-24 and last updated on 2026-06-16.

References

Affected products (11)

More vulnerabilities in Openssl

All CVEs affecting Openssl →