NVD - CVE-2002-20001 (original) (raw)
Change History
12 change records found show changes
CVE Modified by MITRE 5/13/2024 9:22:35 PM
| Action | Type | Old Value | New Value |
|---|
CVE Modified by MITRE 4/23/2024 3:15:41 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | MITRE https://ieeexplore.ieee.org/document/10374117 [No types assigned] |
CVE Modified by MITRE 1/10/2024 10:15:08 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | MITRE https://dheatattack.gitlab.io/ [No types assigned] |
CVE Modified by MITRE 9/25/2023 1:15:09 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | Record truncated, showing 500 of 578 characters. View Entire Change Record The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it | Record truncated, showing 500 of 589 characters. View Entire Change Record The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must cla |
| Added | Reference | https://gitlab.com/dheatattack/dheater [No Types Assigned] |
CPE Deprecation Remap by NIST 8/16/2023 10:17:11 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | CPE Configuration | OR *cpe:2.3:a:f5:traffix_sdc:5.1.0:*:*:*:*:*:*:* | OR *cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:* |
CPE Deprecation Remap by NIST 8/16/2023 10:17:11 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | CPE Configuration | OR *cpe:2.3:a:f5:traffix_sdc:5.2.0:*:*:*:*:*:*:* | OR *cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:* |
Reanalysis by NIST 7/18/2023 8:55:30 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | OR *cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* versions up to (excluding) 3.3.3 *cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* versions from (including) 2.7.0 up to (excluding) 4.3.16 *cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* versions from (including) 4.4.0 up to (excluding) 4.6.3 |
Modified Analysis by NIST 5/16/2023 12:15:29 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | Record truncated, showing 500 of 1514 characters. View Entire Change Record AND OR *cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* versions from (including) 10.06.0000 up to (excluding) 10.06.0180 *cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* versions from (including) 10.07.0000 up to (excluding) 10.07.0030 *cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* versions from (including) 10.08.0000 up to (excluding) 10.08.0010 *cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* versions from (including) 10.09.0000 up to (excluding) 10.09.0002 OR | |
| Added | CPE Configuration | AND OR *cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:* | |
| Added | CPE Configuration | Record truncated, showing 500 of 2960 characters. View Entire Change Record OR *cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 17.1.0 *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 17.1.0 *cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 17.1.0 *cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from (including) 13.1.0 up to (including) 17.1.0 | |
| Added | CPE Configuration | OR *cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:* *cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:* | |
| Changed | Reference Type | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf No Types Assigned | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf Third Party Advisory |
| Changed | Reference Type | https://dheatattack.com No Types Assigned | https://dheatattack.com Third Party Advisory |
| Changed | Reference Type | https://github.com/Balasys/dheater Third Party Advisory | https://github.com/Balasys/dheater Product |
| Changed | Reference Type | https://github.com/mozilla/ssl-config-generator/issues/162 Third Party Advisory | https://github.com/mozilla/ssl-config-generator/issues/162 Issue Tracking |
| Changed | Reference Type | https://support.f5.com/csp/article/K83120834 No Types Assigned | https://support.f5.com/csp/article/K83120834 Third Party Advisory |
| Changed | Reference Type | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt No Types Assigned | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt Third Party Advisory |
| Changed | Reference Type | https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/ No Types Assigned | https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/ Third Party Advisory |
| Changed | Reference Type | https://www.reddit.com/r/netsec/comments/qdoosy/server\_overload\_by\_enforcing\_dhe\_key\_exchange/ Third Party Advisory | https://www.reddit.com/r/netsec/comments/qdoosy/server\_overload\_by\_enforcing\_dhe\_key\_exchange/ Issue Tracking |
| Changed | Reference Type | https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745\_Security\_Issues\_in\_the\_Diffie-Hellman\_Key\_Agreement\_Protocol Exploit, Third Party Advisory | https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745\_Security\_Issues\_in\_the\_Diffie-Hellman\_Key\_Agreement\_Protocol Exploit, Technical Description |
| Changed | Reference Type | https://www.suse.com/support/kb/doc/?id=000020510 No Types Assigned | https://www.suse.com/support/kb/doc/?id=000020510 Third Party Advisory |
CVE Modified by MITRE 11/09/2022 1:15:11 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://dheatattack.com [No Types Assigned] | |
| Added | Reference | https://support.f5.com/csp/article/K83120834 [No Types Assigned] | |
| Added | Reference | https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt [No Types Assigned] | |
| Added | Reference | https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/ [No Types Assigned] | |
| Added | Reference | https://www.suse.com/support/kb/doc/?id=000020510 [No Types Assigned] |
CVE Modified by MITRE 11/08/2022 9:15:11 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf [No Types Assigned] |
Initial Analysis by NIST 11/16/2021 10:36:58 AM
CVE Modified by MITRE 11/11/2021 6:15:07 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://github.com/mozilla/ssl-config-generator/issues/162 [No Types Assigned] | |
| Added | Reference | https://www.reddit.com/r/netsec/comments/qdoosy/server\_overload\_by\_enforcing\_dhe\_key\_exchange/ [No Types Assigned] |