CVE-2004-0079

Published: 23/11/2004 Updated: 28/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote malicious users to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Vulnerable Product

cisco firewall services module

symantec clientless vpn gateway 4400 5.0

hp apache-based web server 2.0.43.00

cisco firewall services module 1.1.3

cisco firewall services module 1.1.2

hp aaa server

cisco firewall services module 1.1_(3.005)

hp apache-based web server 2.0.43.04

cisco firewall services module 2.1_(0.208)

avaya sg203 4.4

hp hp-ux 11.11

redhat enterprise linux desktop 3.0

hp hp-ux 11.23

cisco ciscoworks common management foundation 2.1

freebsd freebsd 5.1

avaya sg208 4.4

redhat enterprise linux 3.0

avaya sg200 4.4

avaya sg5 4.4

redhat linux 7.2

cisco ciscoworks common services 2.2

openbsd openbsd 3.3

apple mac os x server 10.3.3

redhat linux 8.0

redhat linux 7.3

avaya converged communications server 2.0

sco openserver 5.0.7

hp hp-ux 11.00

avaya sg5 4.2

avaya sg208

freebsd freebsd 5.2

avaya sg200 4.31.29

freebsd freebsd 4.8

avaya sg203 4.31.29

hp hp-ux 8.05

apple mac os x 10.3.3

freebsd freebsd 5.2.1

sco openserver 5.0.6

avaya sg5 4.3

freebsd freebsd 4.9

openbsd openbsd 3.4

cisco ios 12.1(11)e

cisco ios 12.1(11b)e

cisco ios 12.1(11b)e12

cisco ios 12.1(11b)e14

cisco ios 12.1(13)e9

cisco ios 12.1(19)e1

cisco ios 12.2(14)sy

cisco ios 12.2(14)sy1

cisco ios 12.2sy

cisco ios 12.2za

4d webstar 4.0

4d webstar 5.2

4d webstar 5.2.1

4d webstar 5.2.2

4d webstar 5.2.3

4d webstar 5.2.4

4d webstar 5.3

4d webstar 5.3.1

avaya intuity_audix

avaya intuity_audix 5.1.46

avaya intuity_audix s3210

avaya intuity_audix s3400

avaya vsu 5

avaya vsu 5x

avaya vsu 100_r2.0.1

avaya vsu 500

avaya vsu 2000_r2.0.1

avaya vsu 5000_r2.0.1

avaya vsu 7500_r2.0.1

avaya vsu 10000_r2.0.1

checkpoint firewall-1

checkpoint firewall-1 2.0

checkpoint firewall-1 next_generation_fp0

checkpoint firewall-1 next_generation_fp1

checkpoint firewall-1 next_generation_fp2

checkpoint provider-1 4.1

checkpoint vpn-1 next_generation_fp0

checkpoint vpn-1 next_generation_fp1

checkpoint vpn-1 next_generation_fp2

checkpoint vpn-1 vsx_ng_with_application_intelligence

cisco access_registrar

cisco application_and_content_networking_software

cisco css_secure_content_accelerator 1.0

cisco css_secure_content_accelerator 2.0

cisco css11000_content_services_switch

cisco okena_stormwatch 3.2

cisco pix_firewall 6.2.2_.111

cisco threat_response

cisco webns 6.10

cisco webns 6.10_b4

cisco webns 7.1_0.1.02

cisco webns 7.1_0.2.06

cisco webns 7.2_0.0.03

cisco webns 7.10

cisco webns 7.10_.0.06s

dell bsafe_ssl-j 3.0

dell bsafe_ssl-j 3.0.1

dell bsafe_ssl-j 3.1

hp wbem a.01.05.08

hp wbem a.02.00.00

hp wbem a.02.00.01

lite speed_technologies_litespeed_web_server 1.0.1

lite speed_technologies_litespeed_web_server 1.0.2

lite speed_technologies_litespeed_web_server 1.0.3

lite speed_technologies_litespeed_web_server 1.1

lite speed_technologies_litespeed_web_server 1.1.1

lite speed_technologies_litespeed_web_server 1.2.1

lite speed_technologies_litespeed_web_server 1.2.2

lite speed_technologies_litespeed_web_server 1.2_rc1

lite speed_technologies_litespeed_web_server 1.2_rc2

lite speed_technologies_litespeed_web_server 1.3

lite speed_technologies_litespeed_web_server 1.3.1

lite speed_technologies_litespeed_web_server 1.3_rc1

lite speed_technologies_litespeed_web_server 1.3_rc2

lite speed_technologies_litespeed_web_server 1.3_rc3

neoteris instant_virtual_extranet 3.0

neoteris instant_virtual_extranet 3.1

neoteris instant_virtual_extranet 3.2

neoteris instant_virtual_extranet 3.3

neoteris instant_virtual_extranet 3.3.1

novell edirectory 8.0

novell edirectory 8.5

novell edirectory 8.5.12a

novell edirectory 8.5.27

novell edirectory 8.6.2

novell edirectory 8.7

novell edirectory 8.7.1

novell imanager 1.5

novell imanager 2.0

openssl openssl 0.9.6c

openssl openssl 0.9.6d

openssl openssl 0.9.6e

openssl openssl 0.9.6f

openssl openssl 0.9.6g

openssl openssl 0.9.6h

openssl openssl 0.9.6i

openssl openssl 0.9.6j

openssl openssl 0.9.6k

openssl openssl 0.9.7

openssl openssl 0.9.7a

openssl openssl 0.9.7b

openssl openssl 0.9.7c

redhat openssl 0.9.6-15

redhat openssl 0.9.6b-3

redhat openssl 0.9.7a-2

sgi propack 2.3

sgi propack 2.4

sgi propack 3.0

stonesoft servercluster 2.5

stonesoft servercluster 2.5.2

stonesoft stonebeat_fullcluster 1_2.0

stonesoft stonebeat_fullcluster 1_3.0

stonesoft stonebeat_fullcluster 2.0

stonesoft stonebeat_fullcluster 2.5

stonesoft stonebeat_fullcluster 3.0

stonesoft stonebeat_securitycluster 2.0

stonesoft stonebeat_securitycluster 2.5

stonesoft stonebeat_webcluster 2.0

stonesoft stonebeat_webcluster 2.5

stonesoft stonegate 1.5.17

stonesoft stonegate 1.5.18

stonesoft stonegate 1.6.2

stonesoft stonegate 1.6.3

stonesoft stonegate 1.7

stonesoft stonegate 1.7.1

stonesoft stonegate 1.7.2

stonesoft stonegate 2.0.1

stonesoft stonegate 2.0.4

stonesoft stonegate 2.0.5

stonesoft stonegate 2.0.6

stonesoft stonegate 2.0.7

stonesoft stonegate 2.0.8

stonesoft stonegate 2.0.9

stonesoft stonegate 2.1

stonesoft stonegate 2.2

stonesoft stonegate 2.2.1

stonesoft stonegate 2.2.4

stonesoft stonegate_vpn_client 1.7

stonesoft stonegate_vpn_client 1.7.2

stonesoft stonegate_vpn_client 2.0

stonesoft stonegate_vpn_client 2.0.7

stonesoft stonegate_vpn_client 2.0.8

stonesoft stonegate_vpn_client 2.0.9

tarantella tarantella_enterprise 3.20

tarantella tarantella_enterprise 3.30

tarantella tarantella_enterprise 3.40

vmware gsx_server 2.0

vmware gsx_server 2.0.1_build_2129

vmware gsx_server 2.5.1

vmware gsx_server 2.5.1_build_5336

vmware gsx_server 3.0_build_7592

avaya s8300 r2.0.0

avaya s8300 r2.0.1

avaya s8500 r2.0.0

avaya s8500 r2.0.1

avaya s8700 r2.0.0

avaya s8700 r2.0.1

bluecoat proxysg

cisco call_manager

cisco content_services_switch_11500

cisco gss_4480_global_site_selector

cisco gss_4490_global_site_selector

cisco mds_9000

cisco secure_content_accelerator 10000

securecomputing sidewinder 5.2

securecomputing sidewinder 5.2.0.01

securecomputing sidewinder 5.2.0.02

securecomputing sidewinder 5.2.0.03

securecomputing sidewinder 5.2.0.04

securecomputing sidewinder 5.2.1

securecomputing sidewinder 5.2.1.02

sun crypto_accelerator_4000 1.0

bluecoat cacheos_ca_sa 4.1.10

bluecoat cacheos_ca_sa 4.1.12

cisco pix_firewall_software 6.0

cisco pix_firewall_software 6.0(1)

cisco pix_firewall_software 6.0(2)

cisco pix_firewall_software 6.0(3)

cisco pix_firewall_software 6.0(4)

cisco pix_firewall_software 6.0(4.101)

cisco pix_firewall_software 6.1

cisco pix_firewall_software 6.1(1)

cisco pix_firewall_software 6.1(2)

cisco pix_firewall_software 6.1(3)

cisco pix_firewall_software 6.1(4)

cisco pix_firewall_software 6.1(5)

cisco pix_firewall_software 6.2

cisco pix_firewall_software 6.2(1)

cisco pix_firewall_software 6.2(2)

cisco pix_firewall_software 6.2(3)

cisco pix_firewall_software 6.2(3.100)

cisco pix_firewall_software 6.3

cisco pix_firewall_software 6.3(1)

cisco pix_firewall_software 6.3(2)

cisco pix_firewall_software 6.3(3.102)

cisco pix_firewall_software 6.3(3.109)

Vendor Advisories

Synopsis: openssl096b security update. Type/Severity: Security Advisory: Moderate. Topic: Updated OpenSSL096b compatibility packages that fix a remote denial of service vulnerability are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Desc ...

Synopsis: openssl security update. Type/Severity: Security Advisory: Important. Topic: Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team ...

Synopsis: openssl security update. Type/Severity: Security Advisory: Important. Topic: Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. Description: The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Trans ...

Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory and this OpenSSL advisory. The Common Vulnerabilities and Exposures project identified the following vulnerabilities: CAN-2004-0079 Null-pointer a ...

A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco produ ...

References

CWE-476

http://www.us-cert.gov/cas/techalerts/TA04-078A.html
http://www.securityfocus.com/bid/9899
http://www.openssl.org/news/secadv_20040317.txt
http://www.uniras.gov.uk/vuls/2004/224012/index.htm
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
http://www.debian.org/security/2004/dsa-465
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
http://www.redhat.com/support/errata/RHSA-2004-121.html
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
http://www.novell.com/linux/security/advisories/2004_07_openssl.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
http://docs.info.apple.com/article.html?artnum=61798
http://lists.apple.com/mhonarc/security-announce/msg00045.html
http://www.kb.cert.org/vuls/id/288574
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
http://fedoranews.org/updates/FEDORA-2004-095.shtml
http://security.gentoo.org/glsa/glsa-200403-03.xml
http://www.redhat.com/support/errata/RHSA-2004-120.html
http://www.redhat.com/support/errata/RHSA-2004-139.html
http://www.trustix.org/errata/2004/0012
http://www.ciac.org/ciac/bulletins/o-101.shtml
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://www.redhat.com/support/errata/RHSA-2005-830.html
http://secunia.com/advisories/11139
http://secunia.com/advisories/17401
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
http://www.redhat.com/support/errata/RHSA-2005-829.html
http://secunia.com/advisories/17381
http://secunia.com/advisories/17398
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
http://secunia.com/advisories/18247
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US
http://marc.info/?l=bugtraq&m=108403806509920&w=2
http://marc.info/?l=bugtraq&m=107953412903636&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15505
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2005:830
https://www.kb.cert.org/vuls/id/288574