Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2002-0656

Published: 12/08/2002 Updated: 10/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Openssl

Vulnerability Summary

Buffer overflows in OpenSSL 0.9.6d and previous versions, and 0.9.7-beta2 and previous versions, allow remote malicious users to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 0.9.6a

openssl openssl 0.9.6b

openssl openssl 0.9.6c

openssl openssl 0.9.6d

openssl openssl 0.9.1c

openssl openssl 0.9.2b

openssl openssl 0.9.3

oracle application server 1.0.2.1s

oracle application server 1.0.2.2

oracle corporate time outlook connector 3.1

oracle corporate time outlook connector 3.1.1

openssl openssl 0.9.4

openssl openssl 0.9.5a

openssl openssl 0.9.7

oracle application server 1.0.2

oracle corporate time outlook connector 3.1.2

oracle http server 9.0.1

openssl openssl 0.9.5

openssl openssl 0.9.6

oracle application server

oracle corporate time outlook connector 3.3

oracle http server 9.2.0

apple mac os x 10.0

apple mac os x 10.0.1

apple mac os x 10.0.2

apple mac os x 10.0.3

apple mac os x 10.1.3

apple mac os x 10.1.4

apple mac os x 10.1.5

apple mac os x 10.0.4

apple mac os x 10.1.1

apple mac os x 10.1

apple mac os x 10.1.2

Vendor Advisories

Debian Security Advisories: DSA-136-1 openssl -- multiple remote exploits
The OpenSSL development team has announced that a security audit by AL Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed remotely exploitable buffer overflow conditions in the OpenSSL code Additionally, the ASN1 parser in OpenSSL has a potential DoS attack independently discovered by Adi Stav and James Yonan CAN-2002-0655 ...

Exploits

Exploit DB: Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow
/* * openssl-too-openc - OpenSSL remote exploit * Spawns a nobody/apache shell on Apache, root on other servers * * by Solar Eclipse &lt;solareclipse@phreedomorg&gt; * * Thanks to Core, HD Moore, Zillion, Dvorak and Black Berry for their help * * This code or any derivative versions of it may not be posted to Bugtraq * or anywhere on S ...

References

NVD-CWE-Otherhttp://www.cert.org/advisories/CA-2002-23.htmlhttp://www.kb.cert.org/vuls/id/102795http://www.kb.cert.org/vuls/id/258555ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txtftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txtftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.aschttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.phphttp://www.iss.net/security_center/static/9714.phphttp://www.securityfocus.com/bid/5362http://www.securityfocus.com/bid/5363http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513http://www.iss.net/security_center/static/9716.phphttps://nvd.nist.govhttps://www.debian.org/security/./dsa-136https://www.exploit-db.com/exploits/40347/https://www.kb.cert.org/vuls/id/258555
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook