SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2004-0079

Date: (C)2004-11-23 (M)2024-02-22

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 5.0
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: NONE
Scope: UNCHANGED		Integrity: NONE
Confidentiality: NONE		Availability: PARTIAL
Integrity: NONE
Availability: HIGH

Reference:

http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml

http://marc.info/?l=bugtraq&m=107953412903636&w=2

APPLE-SA-2005-08-15

APPLE-SA-2005-08-17

ESA-20040317-003

FEDORA-2004-095

FEDORA-2005-1042

FreeBSD-SA-04:05

NetBSD-SA2004-005

SuSE-SA:2004:007

http://docs.info.apple.com/article.html?artnum=61798

http://lists.apple.com/mhonarc/security-announce/msg00045.html

http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm

http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US

http://www.openssl.org/news/secadv_20040317.txt

http://www.uniras.gov.uk/vuls/2004/224012/index.htm

openssl-dochangecipherspec-dos(15505)

oval:org.mitre.oval:def:2621

oval:org.mitre.oval:def:5770

oval:org.mitre.oval:def:870

oval:org.mitre.oval:def:975

oval:org.mitre.oval:def:9779

oval:org.secpod.oval:def:1506549

© SecPod Technologies