CVE

CVE-2005-2969
Date: (C)2005-10-18   (M)2024-02-22


The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1015032
SUNALERT-101974
BID-15071
BID-15647
SECUNIA-17146
SECUNIA-17151
SECUNIA-17153
SECUNIA-17169
SECUNIA-17178
SECUNIA-17180
SECUNIA-17189
SECUNIA-17191
SECUNIA-17210
SECUNIA-17259
SECUNIA-17288
SECUNIA-17335
SECUNIA-17344
SECUNIA-17389
SECUNIA-17409
SECUNIA-17432
SECUNIA-17466
SECUNIA-17589
SECUNIA-17617
SECUNIA-17632
SECUNIA-17813
SECUNIA-17888
SECUNIA-18045
SECUNIA-18123
SECUNIA-18165
SECUNIA-18663
SECUNIA-19185
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
SECUNIA-21827
SECUNIA-23280
SECUNIA-23340
SECUNIA-23843
SECUNIA-23915
BID-24799
SECUNIA-25973
SECUNIA-26893
SECUNIA-31492
ADV-2005-2036
ADV-2005-2659
ADV-2005-2710
ADV-2005-2908
ADV-2005-3002
ADV-2005-3056
ADV-2006-3531
ADV-2007-0326
ADV-2007-0343
ADV-2007-2457
APPLE-SA-2005-11-29
DSA-875
DSA-881
DSA-882
HPSBUX02174
MDKSA-2005:179
RHSA-2005:762
RHSA-2005:800
RHSA-2008:0629
SSRT071299
SUSE-SA:2005:061
TSLSA-2005-0059
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
hitachi-hicommand-security-bypass(35287)
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
http://www.openssl.org/news/secadv_20051011.txt
https://issues.rpath.com/browse/RPL-1633
oval:org.mitre.oval:def:11454

CPE    9
cpe:/a:openssl:openssl:0.9.7f
cpe:/a:openssl:openssl:0.9.7g
cpe:/a:openssl:openssl:0.9.8
cpe:/a:openssl:openssl:0.9.7a
...
OVAL    1
oval:org.secpod.oval:def:1506549

© SecPod Technologies