Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2005-2969

Published: 18/10/2005 Updated: 03/05/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Openssl

Vulnerability Summary

The SSL/TLS server implementation in OpenSSL 0.9.7 prior to 0.9.7h and 0.9.8 prior to 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote malicious users to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 0.9.7

openssl openssl 0.9.7a

openssl openssl 0.9.7b

openssl openssl 0.9.7g

openssl openssl 0.9.8

openssl openssl 0.9.7c

openssl openssl 0.9.7d

openssl openssl 0.9.7e

openssl openssl 0.9.7f

Vendor Advisories

Red Hat: openssl security update
Synopsis openssl security update Type/Severity Security Advisory: Moderate Topic Updated OpenSSL packages that fix various security issues are now availableThis update has been rated as having moderate security impact by the RedHat Security Response Team Description OpenSSL is a toolkit t ...
Ubuntu Security Notice: openssl vulnerability
Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them ...
Debian Security Advisories: DSA-875-1 openssl094 -- cryptographic weakness
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 20 protocol even though both ends support SSL 30 or TLS 10 The following matrix explains which version in which distribution has this ...
Debian Security Advisories: DSA-888-1 openssl -- cryptographic weakness
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 20 protocol even though both ends support SSL 30 or TLS 10 The following matrix explains which version in which distribution has this ...
Debian Security Advisories: DSA-881-1 openssl096 -- cryptographic weakness
Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 20 protocol even though both ends support SSL 30 or TLS 10 The following matrix explains which version in which distribution has this ...
Cisco: OpenSSL Version Rollback and Weak Cryptographic Algorithm Vulnerabilities
OpenSSL contains vulnerabilities that could allow an unauthenticated, remote attacker to bypass security restrictions The first vulnerability (CVE-2005-2969) affects any application using a SL/TLS server implementation provided by OpenSSL versions 097g and prior If these implementations have options designed to mitigate third party bugs enabl ...

References

NVD-CWE-Otherhttp://www.openssl.org/news/secadv_20051011.txthttp://www.redhat.com/support/errata/RHSA-2005-800.htmlhttp://www.novell.com/linux/security/advisories/2005_61_openssl.htmlhttp://www.debian.org/security/2005/dsa-875http://www.mandriva.com/security/advisories?name=MDKSA-2005:179http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlhttp://www.debian.org/security/2005/dsa-881http://www.debian.org/security/2005/dsa-882http://docs.info.apple.com/article.html?artnum=302847http://www.securityfocus.com/bid/15647http://secunia.com/advisories/17813http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtmlhttp://secunia.com/advisories/17888http://secunia.com/advisories/18045http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754http://www.securityfocus.com/bid/15071http://secunia.com/advisories/17151http://secunia.com/advisories/18165http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txthttp://secunia.com/advisories/18123http://securitytracker.com/id?1015032http://secunia.com/advisories/17146http://secunia.com/advisories/17153http://secunia.com/advisories/17169http://secunia.com/advisories/17178http://secunia.com/advisories/17180http://secunia.com/advisories/17189http://secunia.com/advisories/17191http://secunia.com/advisories/17210http://secunia.com/advisories/17259http://secunia.com/advisories/17288http://secunia.com/advisories/17335http://secunia.com/advisories/17344http://secunia.com/advisories/17389http://secunia.com/advisories/17409http://secunia.com/advisories/17432http://secunia.com/advisories/17466http://secunia.com/advisories/17589http://secunia.com/advisories/17617http://secunia.com/advisories/17632http://www.redhat.com/support/errata/RHSA-2005-762.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2006-031.htmhttp://secunia.com/advisories/18663http://secunia.com/advisories/19185http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdfhttp://secunia.com/advisories/21827http://support.avaya.com/elmodocs2/security/ASA-2006-260.htmhttp://secunia.com/advisories/23280http://secunia.com/advisories/23340http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.htmlhttp://secunia.com/advisories/23915http://secunia.com/advisories/23843http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.htmlhttps://issues.rpath.com/browse/RPL-1633http://www.securityfocus.com/bid/24799http://secunia.com/advisories/25973http://secunia.com/advisories/26893http://secunia.com/advisories/31492http://www.redhat.com/support/errata/RHSA-2008-0629.htmlhttp://www.vupen.com/english/advisories/2005/2036http://www.vupen.com/english/advisories/2005/3002http://www.vupen.com/english/advisories/2007/2457http://www.vupen.com/english/advisories/2007/0343http://www.vupen.com/english/advisories/2005/3056http://www.vupen.com/english/advisories/2005/2710http://www.vupen.com/english/advisories/2007/0326http://www.vupen.com/english/advisories/2005/2659http://www.vupen.com/english/advisories/2005/2908http://www.vupen.com/english/advisories/2006/3531http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100https://exchange.xforce.ibmcloud.com/vulnerabilities/35287https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454https://access.redhat.com/errata/RHSA-2005:800https://usn.ubuntu.com/204-1/https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20051012-CVE-2005-2969
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook