Published: 16/09/2005 Updated: 09/02/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The default configuration on OpenSSL prior to 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote malicious users to forge certificates with a valid certificate authority signature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl
canonical ubuntu linux 4.10
canonical ubuntu linux 5.04

OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions The first vulnerability (CVE-2005-2969) affects any application using a SL/TLS server implementation provided by OpenSSL versions 097g and prior If these implementations have options designed to mitigate third party bugs enabl ...

CWE-327 http://www.cits.rub.de/MD5Collisions/http://www.ubuntu.com/usn/usn-179-1 https://bugzilla.ubuntu.com/show_bug.cgi?id=13593 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20051012-CVE-2005-2969

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-2946

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect