[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2005-2969

Date: (C)2005-10-18   (M)2017-07-18 


The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

CVSS Score: 5.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
SECTRACK-1015032
SUNALERT-101974
BID-15071
BID-15647
SECUNIA-17146
SECUNIA-17151
SECUNIA-17153
SECUNIA-17169
SECUNIA-17178
SECUNIA-17180
SECUNIA-17189
SECUNIA-17191
SECUNIA-17210
SECUNIA-17259
SECUNIA-17288
SECUNIA-17335
SECUNIA-17344
SECUNIA-17389
SECUNIA-17409
SECUNIA-17432
SECUNIA-17466
SECUNIA-17589
SECUNIA-17617
SECUNIA-17632
SECUNIA-17813
SECUNIA-17888
SECUNIA-18045
SECUNIA-18123
SECUNIA-18165
SECUNIA-18663
SECUNIA-19185
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
SECUNIA-21827
SECUNIA-23280
SECUNIA-23340
SECUNIA-23843
SECUNIA-23915
BID-24799
SECUNIA-25973
SECUNIA-26893
SECUNIA-31492
ADV-2005-2036
ADV-2005-2659
ADV-2005-2710
ADV-2005-2908
ADV-2005-3002
ADV-2005-3056
ADV-2006-3531
ADV-2007-0326
ADV-2007-0343
ADV-2007-2457
APPLE-SA-2005-11-29
DSA-875
DSA-881
DSA-882
HPSBUX02174
MDKSA-2005:179
RHSA-2005:762
RHSA-2005:800
RHSA-2008:0629
SSRT061239
SSRT071299
SUSE-SA:2005:061
TSLSA-2005-0059
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
hitachi-hicommand-security-bypass(35287)
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
http://www.openssl.org/news/secadv_20051011.txt
https://issues.rpath.com/browse/RPL-1633

CPE    9
cpe:/a:openssl:openssl:0.9.7f
cpe:/a:openssl:openssl:0.9.7g
cpe:/a:openssl:openssl:0.9.8
cpe:/a:openssl:openssl:0.9.7
...

© 2013 SecPod Technologies