5

CVE-2005-2969

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.87% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/18165
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.redhat.com/support/errata/RHSA-2005-800.html
Vendor Advisory
http://www.vupen.com/english/advisories/2005/3002
http://secunia.com/advisories/19185
http://docs.info.apple.com/article.html?artnum=302847
http://secunia.com/advisories/17813
http://www.securityfocus.com/bid/15647
http://www.vupen.com/english/advisories/2005/2659
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://secunia.com/advisories/31492
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://secunia.com/advisories/17288
http://www.redhat.com/support/errata/RHSA-2005-762.html
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://secunia.com/advisories/17146
http://secunia.com/advisories/17151
http://secunia.com/advisories/17153
http://secunia.com/advisories/17169
http://secunia.com/advisories/17178
http://secunia.com/advisories/17180
http://secunia.com/advisories/17189
http://secunia.com/advisories/17191
http://secunia.com/advisories/17210
http://secunia.com/advisories/17259
http://secunia.com/advisories/17335
http://secunia.com/advisories/17344
http://secunia.com/advisories/17389
http://secunia.com/advisories/17409
http://secunia.com/advisories/17432
http://secunia.com/advisories/17466
http://secunia.com/advisories/17589
http://secunia.com/advisories/17617
http://secunia.com/advisories/17632
http://secunia.com/advisories/17888
http://secunia.com/advisories/18045
http://secunia.com/advisories/18123
http://secunia.com/advisories/18663
http://secunia.com/advisories/21827
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23843
http://secunia.com/advisories/23915
http://secunia.com/advisories/25973
http://secunia.com/advisories/26893
http://securitytracker.com/id?1015032
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
http://www.debian.org/security/2005/dsa-875
http://www.debian.org/security/2005/dsa-881
http://www.debian.org/security/2005/dsa-882
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
http://www.novell.com/linux/security/advisories/2005_61_openssl.html
http://www.openssl.org/news/secadv_20051011.txt
Patch
Vendor Advisory
http://www.securityfocus.com/bid/15071
http://www.securityfocus.com/bid/24799
http://www.vupen.com/english/advisories/2005/2036
http://www.vupen.com/english/advisories/2005/2710
http://www.vupen.com/english/advisories/2005/2908
http://www.vupen.com/english/advisories/2005/3056
http://www.vupen.com/english/advisories/2006/3531
http://www.vupen.com/english/advisories/2007/0326
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/2457
https://exchange.xforce.ibmcloud.com/vulnerabilities/35287
https://issues.rpath.com/browse/RPL-1633
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454