CVE-2011-1945
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
We have discovered 28,185 live websites that are affected by CVE-2011-1945.
Affected Software
| Product |  OpenSSL |
| Category | Web Server Extensions |
| Vulnerable Domains | 28,185 live websites (4.20% of OpenSSL install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 8 versions ( 20.00% of all versions) |
Details
- Published - Jun 1, 2011
- Updated - Aug 6, 2024
CVE References
CVE-2011-1945 usage by Country
 United States | 5,930 websites |
 Germany | 3,003 websites |
 Japan | 1,853 websites |
 France | 1,718 websites |
 Czech Republic | 1,713 websites |
 Russia | 1,518 websites |
 Austria | 1,187 websites |
 Korea, South | 1,056 websites |
 China | 808 websites |
CVE-2011-1945 usage by TLD
| .com | 9,470 websites |
| .de | 2,141 websites |
| .net | 1,969 websites |
| .cz | 1,453 websites |
| .org | 1,331 websites |
| .ru | 1,303 websites |
| .at | 963 websites |
| .jp | 682 websites |
| .fr | 489 websites |
| .it | 485 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2011-1945
Top websites that are affected by CVE-2011-1945. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.*****.de | Germany | *,*** | |
| ******.com |  Taiwan | **,*** | |
| *********.com | United States | **,*** | |
| ******.*****.org | United States | **,*** | |
| ******.com | United States | **,*** | |
| *************.ru | Russia | **,*** | |
| ********.com | France | **,*** | |
| ********.*****.org | United States | **,*** | |
| ******.org | United States | **,*** | |
| ****.*******.ca |  Canada | **,*** |
FAQ
A total of 28,185 websites have been identified as vulnerable to CVE-2011-1945, discovered through global website indexing conducted by WebTechSurvey.
OpenSSL is susceptible to CVE-2011-1945 vulnerability.
OpenSSL versions before 1 are vulnerable to CVE-2011-1945.
Version 1 of OpenSSL addresses the CVE-2011-1945 security vulnerability.
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:136
- http://www.kb.cert.org/vuls/id/MAPG-8FENZ3
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:137
- http://www.debian.org/security/2011/dsa-2309
- http://support.apple.com/kb/HT5784
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- https://hermes.opensuse.org/messages/8760466
- http://www.kb.cert.org/vuls/id/536044
- https://hermes.opensuse.org/messages/8764170
- http://secunia.com/advisories/44935
- http://eprint.iacr.org/2011/232.pdf