OpenSSL Security Advisory 20030319 - Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their attack requires the attacker to open millions of SSL/TLS connections to the server under attack; the server's behaviour when faced with specially made-up RSA ciphertexts can reveal information that in effect allows the attacker to perform a single RSA private key operation on a ciphertext of its choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. This problem affects all applications using the OpenSSL SSL/TLS library. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability.
4d24c6c0af7aac73c8334f26525af38f0ca841377103f5a53b2f6fc43df97938
PTwebdav is a utility for Windows which checks for IIS 5.0 servers which are vulnerable to the Webdav Vulnerability using a malformed search method.
c652dfb7340124f0b105b9dd61418eddaf74e988443a0e886ee1c8338f1c4058