9.8
CVE-2004-2761
- EPSS 9.85%
- Veröffentlicht 05.01.2009 20:30:02
- Zuletzt bearbeitet 16.06.2026 22:10:17
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.85% | 0.95 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-328 Use of Weak Hash
The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
http://secunia.com/advisories/33826
http://secunia.com/advisories/34281
http://secunia.com/advisories/42181
http://securityreason.com/securityalert/4866
http://securitytracker.com/id?1024697
http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
http://www.doxpara.com/research/md5/md5_someday.pdf
http://www.kb.cert.org/vuls/id/836068
http://www.microsoft.com/technet/security/advisory/961509.mspx
http://www.phreedom.org/research/rogue-ca/
http://www.securityfocus.com/archive/1/499685/100/0/threaded
http://www.securityfocus.com/bid/33065
http://www.ubuntu.com/usn/usn-740-1
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
http://www.win.tue.nl/hashclash/rogue-ca/
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
https://bugzilla.redhat.com/show_bug.cgi?id=648886
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://rhn.redhat.com/errata/RHSA-2010-0837.html
https://rhn.redhat.com/errata/RHSA-2010-0838.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html