CVE-2011-4121
Published 2019-11-26
Priority P351 | critical | 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.53% (82.9th percentile)
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openssl | openssl_extension_of_ruby | — | — |
| ruby-lang | ruby | >= 1.8.7.334 < 1.9.3 | 1.9.3 |
CVSS provenance
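| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 9.8 | CRITICAL | — |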
GHSA
GHSA-mjg4-5rfj-952f
ghsa_unreviewed·2022-04-22
CVE-2011-4121 [CRITICAL] CWE-326
Red Hat
extension): Insecure way of creation exponent value by private RSA key generation
vendor_redhat·2011-11-03·CVSS 9.8
CVE-2011-4121 [CRITICAL] CWE-330
Package: ruby (Red Hat Enterprise Linux 4) - Not affected
Package: ruby (Red Hat Enterprise Linux 5) - Not affected
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
No public exploits indexed.
http://www.openwall.com/lists/oss-security/2013/07/01/1
https://access.redhat.com/security/cve/cve-2011-4121
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121
https://security-tracker.debian.org/tracker/CVE-2011-4121
Published: 2019-11-26