Erlang/OTP Vulnerability in CBC Padding Verification Affecting Man-in-the-Middle Attackers
CVE-2015-2774

5.9MEDIUM

Key Information:

Vendor

Erlang

Status
Erlang\/otp
Vendor
CVE Published:
7 April 2016

What is CVE-2015-2774?

Erlang/OTP versions before 18.0-rc1 are susceptible to a vulnerability due to inadequate verification of CBC padding bytes during connection terminations. This oversight can be exploited by man-in-the-middle attackers, enabling them to execute padding-oracle attacks. Such attacks may allow unauthorized interception and exposure of cleartext data, posing significant risks to data integrity and confidentiality.

References

https://usn.ubuntu.com/3571-1/
vendor-advisoryx_refsource_UBUNTU
https://web.archive.org/web/20150905124006/http://www.erl...
x_refsource_CONFIRM
https://www.imperialviolet.org/2014/12/08/poodleagain.html
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.