Search

Find a vulnerability

Search criteria

    24 vulnerabilities found for ciscoworks_common_services by cisco

    CVE-2011-4237 (GCVE-0-2011-4237)

    Vulnerability from nvd – Published: 2012-05-03 10:00 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "49094",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49094"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-06-09T09:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "49094",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49094"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-4237",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "49094",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49094"
                },
                {
                  "name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
                },
                {
                  "name": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950",
                  "refsource": "MISC",
                  "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-4237",
        "datePublished": "2012-05-03T10:00:00.000Z",
        "dateReserved": "2011-11-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2042 (GCVE-0-2011-2042)

    Vulnerability from nvd – Published: 2011-10-22 01:00 – Updated: 2024-09-17 02:10
    VLAI
    Summary
    The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:46:00.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-10-22T01:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-2042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-2042",
        "datePublished": "2011-10-22T01:00:00.000Z",
        "dateReserved": "2011-05-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:10:43.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3310 (GCVE-0-2011-3310)

    Vulnerability from nvd – Published: 2011-10-20 00:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/50284 vdb-entryx_refsource_BID
    http://secunia.com/advisories/46533 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2011-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:56.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
              },
              {
                "name": "50284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/50284"
              },
              {
                "name": "46533",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46533"
              },
              {
                "name": "ciscoworks-common-services-command-exec(70759)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
            },
            {
              "name": "50284",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/50284"
            },
            {
              "name": "46533",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46533"
            },
            {
              "name": "ciscoworks-common-services-command-exec(70759)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-3310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
                },
                {
                  "name": "50284",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/50284"
                },
                {
                  "name": "46533",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46533"
                },
                {
                  "name": "ciscoworks-common-services-command-exec(70759)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-3310",
        "datePublished": "2011-10-20T00:00:00.000Z",
        "dateReserved": "2011-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:56.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0966 (GCVE-0-2011-0966)

    Vulnerability from nvd – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
              },
              {
                "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
              },
              {
                "name": "17304",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/17304"
              },
              {
                "name": "cisco-uom-auditlog-directory-traversal(67525)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-auditlog-directory-traversal(67525)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-0966",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
                  "refsource": "MISC",
                  "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
                },
                {
                  "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
                },
                {
                  "name": "17304",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/17304"
                },
                {
                  "name": "cisco-uom-auditlog-directory-traversal(67525)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
                },
                {
                  "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089",
                  "refsource": "CONFIRM",
                  "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-0966",
        "datePublished": "2011-05-20T22:00:00.000Z",
        "dateReserved": "2011-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0961 (GCVE-0-2011-0961)

    Vulnerability from nvd – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "47902",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088"
              },
              {
                "name": "cisco-uom-framework-xss(67523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67523"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
              },
              {
                "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
              },
              {
                "name": "17304",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/17304"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "47902",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088"
            },
            {
              "name": "cisco-uom-framework-xss(67523)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67523"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/17304"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-0961",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "47902",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47902"
                },
                {
                  "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088",
                  "refsource": "CONFIRM",
                  "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088"
                },
                {
                  "name": "cisco-uom-framework-xss(67523)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67523"
                },
                {
                  "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
                  "refsource": "MISC",
                  "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
                },
                {
                  "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
                },
                {
                  "name": "17304",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/17304"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-0961",
        "datePublished": "2011-05-20T22:00:00.000Z",
        "dateReserved": "2011-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3036 (GCVE-0-2010-3036)

    Vulnerability from nvd – Published: 2010-10-29 18:00 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/68927 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://securitytracker.com/id?1024646 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/44468 vdb-entryx_refsource_BID
    http://secunia.com/advisories/42011 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/2793 vdb-entryx_refsource_VUPEN
    Date Public
    2010-10-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "68927",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/68927"
              },
              {
                "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
              },
              {
                "name": "1024646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1024646"
              },
              {
                "name": "44468",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/44468"
              },
              {
                "name": "42011",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42011"
              },
              {
                "name": "ADV-2010-2793",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2793"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-11-06T09:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "68927",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-3036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "68927",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/68927"
                },
                {
                  "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
                },
                {
                  "name": "1024646",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1024646"
                },
                {
                  "name": "44468",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/44468"
                },
                {
                  "name": "42011",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42011"
                },
                {
                  "name": "ADV-2010-2793",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2793"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-3036",
        "datePublished": "2010-10-29T18:00:00.000Z",
        "dateReserved": "2010-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:46.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1161 (GCVE-0-2009-1161)

    Vulnerability from nvd – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0… third-party-advisoryx_refsource_JVNDB
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/35040 vdb-entryx_refsource_BID
    http://jvn.jp/en/jp/JVN62527913/index.html third-party-advisoryx_refsource_JVN
    http://osvdb.org/54616 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1022263 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2009/1390 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35179 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-05-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:48.874Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2009-000032",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
              },
              {
                "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
              },
              {
                "name": "35040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35040"
              },
              {
                "name": "JVN#62527913",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
              },
              {
                "name": "54616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54616"
              },
              {
                "name": "1022263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1022263"
              },
              {
                "name": "ADV-2009-1390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1390"
              },
              {
                "name": "35179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35179"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-06-04T09:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "JVNDB-2009-000032",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
            },
            {
              "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
            },
            {
              "name": "35040",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35040"
            },
            {
              "name": "JVN#62527913",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
            },
            {
              "name": "54616",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54616"
            },
            {
              "name": "1022263",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1022263"
            },
            {
              "name": "ADV-2009-1390",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1390"
            },
            {
              "name": "35179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35179"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-1161",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2009-000032",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
                },
                {
                  "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
                },
                {
                  "name": "35040",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35040"
                },
                {
                  "name": "JVN#62527913",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
                },
                {
                  "name": "54616",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54616"
                },
                {
                  "name": "1022263",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1022263"
                },
                {
                  "name": "ADV-2009-1390",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1390"
                },
                {
                  "name": "35179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35179"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-1161",
        "datePublished": "2009-05-21T14:00:00.000Z",
        "dateReserved": "2009-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:48.874Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2054 (GCVE-0-2008-2054)

    Vulnerability from nvd – Published: 2008-05-29 16:00 – Updated: 2024-08-07 08:49
    VLAI
    Summary
    Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:49:57.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-cwcs-unspecified-code-execution(42702)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/"
              },
              {
                "name": "1020127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020127"
              },
              {
                "name": "ADV-2008-1687",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1687/references"
              },
              {
                "name": "30422",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30422"
              },
              {
                "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-cwcs-unspecified-code-execution(42702)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/"
            },
            {
              "name": "1020127",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020127"
            },
            {
              "name": "ADV-2008-1687",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1687/references"
            },
            {
              "name": "30422",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30422"
            },
            {
              "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2008-2054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cisco-cwcs-unspecified-code-execution(42702)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702"
                },
                {
                  "name": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/",
                  "refsource": "MISC",
                  "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/"
                },
                {
                  "name": "1020127",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020127"
                },
                {
                  "name": "ADV-2008-1687",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1687/references"
                },
                {
                  "name": "30422",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30422"
                },
                {
                  "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2008-2054",
        "datePublished": "2008-05-29T16:00:00.000Z",
        "dateReserved": "2008-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:49:57.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0356 (GCVE-0-2005-0356)

    Vulnerability from nvd – Published: 2005-05-31 04:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/15393 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/637934 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/15417/ third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/18662 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    http://www.securityfocus.com/bid/13676 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sn-200… vendor-advisoryx_refsource_CISCO
    http://secunia.com/advisories/18222 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    Date Public
    2005-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "tcp-ip-timestamp-dos(20635)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
              },
              {
                "name": "15393",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15393"
              },
              {
                "name": "VU#637934",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/637934"
              },
              {
                "name": "15417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15417/"
              },
              {
                "name": "18662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18662"
              },
              {
                "name": "SCOSA-2005.64",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
              },
              {
                "name": "FreeBSD-SA-05:15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
              },
              {
                "name": "13676",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13676"
              },
              {
                "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
              },
              {
                "name": "18222",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18222"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "tcp-ip-timestamp-dos(20635)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
            },
            {
              "name": "15393",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15393"
            },
            {
              "name": "VU#637934",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/637934"
            },
            {
              "name": "15417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15417/"
            },
            {
              "name": "18662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18662"
            },
            {
              "name": "SCOSA-2005.64",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
            },
            {
              "name": "FreeBSD-SA-05:15",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
            },
            {
              "name": "13676",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13676"
            },
            {
              "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
            },
            {
              "name": "18222",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18222"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2005-0356",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "tcp-ip-timestamp-dos(20635)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
                },
                {
                  "name": "15393",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15393"
                },
                {
                  "name": "VU#637934",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/637934"
                },
                {
                  "name": "15417",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15417/"
                },
                {
                  "name": "18662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18662"
                },
                {
                  "name": "SCOSA-2005.64",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
                },
                {
                  "name": "FreeBSD-SA-05:15",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
                },
                {
                  "name": "13676",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13676"
                },
                {
                  "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
                },
                {
                  "name": "18222",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18222"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2005-0356",
        "datePublished": "2005-05-31T04:00:00.000Z",
        "dateReserved": "2005-02-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0112 (GCVE-0-2004-0112)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/484726 third-party-advisoryx_refsource_CERT-VN
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:1049",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
              },
              {
                "name": "openssl-kerberos-ciphersuites-dos(15508)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
              },
              {
                "name": "VU#484726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/484726"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:9580",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "oval:org.mitre.oval:def:928",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1049",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
            },
            {
              "name": "openssl-kerberos-ciphersuites-dos(15508)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
            },
            {
              "name": "VU#484726",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/484726"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9580",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:928",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:1049",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
                },
                {
                  "name": "openssl-kerberos-ciphersuites-dos(15508)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
                },
                {
                  "name": "VU#484726",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/484726"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9580",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:928",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0112",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0081 (GCVE-0-2004-0081)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=107955049331965&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.kb.cert.org/vuls/id/465542 third-party-advisoryx_refsource_CERT-VN
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "20040304-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
              },
              {
                "name": "openssl-tls-dos(15509)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "oval:org.mitre.oval:def:871",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
              },
              {
                "name": "oval:org.mitre.oval:def:11755",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
              },
              {
                "name": "VU#465542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/465542"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "RHSA-2004:119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
              },
              {
                "name": "oval:org.mitre.oval:def:902",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "20040304-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "openssl-tls-dos(15509)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "oval:org.mitre.oval:def:871",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
            },
            {
              "name": "oval:org.mitre.oval:def:11755",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
            },
            {
              "name": "VU#465542",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/465542"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "RHSA-2004:119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "oval:org.mitre.oval:def:902",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "20040304-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
                },
                {
                  "name": "openssl-tls-dos(15509)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "oval:org.mitre.oval:def:871",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
                },
                {
                  "name": "oval:org.mitre.oval:def:11755",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
                },
                {
                  "name": "VU#465542",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/465542"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "RHSA-2004:119",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:902",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0081",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0079 (GCVE-0-2004-0079)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2025-01-16 17:33
    VLAI
    Summary
    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://secunia.com/advisories/17381 third-party-advisoryx_refsource_SECUNIA
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/17401 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-829.html vendor-advisoryx_refsource_REDHAT
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2005-830.html vendor-advisoryx_refsource_REDHAT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://support.lexmark.com/index?page=content&id=… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/17398 third-party-advisoryx_refsource_SECUNIA
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/288574 third-party-advisoryx_refsource_CERT-VN
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/18247 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "FEDORA-2005-1042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "oval:org.mitre.oval:def:2621",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "17381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17381"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "oval:org.mitre.oval:def:9779",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
              },
              {
                "name": "oval:org.mitre.oval:def:975",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "FreeBSD-SA-04:05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "17401",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17401"
              },
              {
                "name": "RHSA-2005:829",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:870",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
              },
              {
                "name": "RHSA-2005:830",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "17398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17398"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "openssl-dochangecipherspec-dos(15505)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "VU#288574",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/288574"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "18247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18247"
              },
              {
                "name": "oval:org.mitre.oval:def:5770",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2004-0079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-08T16:21:54.985893Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T17:33:22.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "FEDORA-2005-1042",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "oval:org.mitre.oval:def:2621",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "17381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9779",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
            },
            {
              "name": "oval:org.mitre.oval:def:975",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "FreeBSD-SA-04:05",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "17401",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17401"
            },
            {
              "name": "RHSA-2005:829",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:870",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
            },
            {
              "name": "RHSA-2005:830",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "17398",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17398"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "openssl-dochangecipherspec-dos(15505)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "VU#288574",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/288574"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "18247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18247"
            },
            {
              "name": "oval:org.mitre.oval:def:5770",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "FEDORA-2005-1042",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "oval:org.mitre.oval:def:2621",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "17381",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17381"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9779",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
                },
                {
                  "name": "oval:org.mitre.oval:def:975",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "FreeBSD-SA-04:05",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "17401",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17401"
                },
                {
                  "name": "RHSA-2005:829",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:870",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
                },
                {
                  "name": "RHSA-2005:830",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
                  "refsource": "CONFIRM",
                  "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "17398",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17398"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "openssl-dochangecipherspec-dos(15505)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "VU#288574",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/288574"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "18247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18247"
                },
                {
                  "name": "oval:org.mitre.oval:def:5770",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0079",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2025-01-16T17:33:22.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4237 (GCVE-0-2011-4237)

    Vulnerability from cvelistv5 – Published: 2012-05-03 10:00 – Updated: 2024-08-07 00:01
    VLAI
    Summary
    CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:01:51.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "49094",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49094"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-06-09T09:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "49094",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49094"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-4237",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "49094",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49094"
                },
                {
                  "name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/release/notes/lms42rel.html"
                },
                {
                  "name": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950",
                  "refsource": "MISC",
                  "url": "http://www.nessus.org/plugins/index.php?view=single\u0026id=58950"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-4237",
        "datePublished": "2012-05-03T10:00:00.000Z",
        "dateReserved": "2011-11-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:01:51.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2042 (GCVE-0-2011-2042)

    Vulnerability from cvelistv5 – Published: 2011-10-22 01:00 – Updated: 2024-09-17 02:10
    VLAI
    Summary
    The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:46:00.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-10-22T01:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-2042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Sybase SQL Anywhere database component in Cisco CiscoWorks Common Services 3.x and 4.x before 4.1 allows remote attackers to obtain potentially sensitive information about the engine name and database port via an unspecified request to UDP port 2638, aka Bug ID CSCsk35018."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_common_services_software/3.3/release/notes/cs33rel.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-2042",
        "datePublished": "2011-10-22T01:00:00.000Z",
        "dateReserved": "2011-05-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:10:43.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3310 (GCVE-0-2011-3310)

    Vulnerability from cvelistv5 – Published: 2011-10-20 00:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://tools.cisco.com/security/center/content/Ci… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/50284 vdb-entryx_refsource_BID
    http://secunia.com/advisories/46533 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2011-10-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:56.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
              },
              {
                "name": "50284",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/50284"
              },
              {
                "name": "46533",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46533"
              },
              {
                "name": "ciscoworks-common-services-command-exec(70759)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-10-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
            },
            {
              "name": "50284",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/50284"
            },
            {
              "name": "46533",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46533"
            },
            {
              "name": "ciscoworks-common-services-command-exec(70759)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-3310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20111019 CiscoWorks Common Services Arbitrary Command Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs"
                },
                {
                  "name": "50284",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/50284"
                },
                {
                  "name": "46533",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/46533"
                },
                {
                  "name": "ciscoworks-common-services-command-exec(70759)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70759"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-3310",
        "datePublished": "2011-10-20T00:00:00.000Z",
        "dateReserved": "2011-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:56.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0961 (GCVE-0-2011-0961)

    Vulnerability from cvelistv5 – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "47902",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088"
              },
              {
                "name": "cisco-uom-framework-xss(67523)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67523"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
              },
              {
                "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
              },
              {
                "name": "17304",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/17304"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "47902",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088"
            },
            {
              "name": "cisco-uom-framework-xss(67523)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67523"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/17304"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-0961",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "47902",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47902"
                },
                {
                  "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088",
                  "refsource": "CONFIRM",
                  "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23088"
                },
                {
                  "name": "cisco-uom-framework-xss(67523)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67523"
                },
                {
                  "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
                  "refsource": "MISC",
                  "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
                },
                {
                  "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
                },
                {
                  "name": "17304",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/17304"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-0961",
        "datePublished": "2011-05-20T22:00:00.000Z",
        "dateReserved": "2011-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0966 (GCVE-0-2011-0966)

    Vulnerability from cvelistv5 – Published: 2011-05-20 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:26.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
              },
              {
                "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
              },
              {
                "name": "17304",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/17304"
              },
              {
                "name": "cisco-uom-auditlog-directory-traversal(67525)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
            },
            {
              "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
            },
            {
              "name": "17304",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/17304"
            },
            {
              "name": "cisco-uom-auditlog-directory-traversal(67525)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2011-0966",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf",
                  "refsource": "MISC",
                  "url": "http://www.senseofsecurity.com.au/advisories/SOS-11-006.pdf"
                },
                {
                  "name": "20110518 Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0371.html"
                },
                {
                  "name": "17304",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/17304"
                },
                {
                  "name": "cisco-uom-auditlog-directory-traversal(67525)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67525"
                },
                {
                  "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089",
                  "refsource": "CONFIRM",
                  "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=23089"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2011-0966",
        "datePublished": "2011-05-20T22:00:00.000Z",
        "dateReserved": "2011-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:26.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3036 (GCVE-0-2010-3036)

    Vulnerability from cvelistv5 – Published: 2010-10-29 18:00 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/68927 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://securitytracker.com/id?1024646 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/44468 vdb-entryx_refsource_BID
    http://secunia.com/advisories/42011 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2010/2793 vdb-entryx_refsource_VUPEN
    Date Public
    2010-10-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "68927",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/68927"
              },
              {
                "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
              },
              {
                "name": "1024646",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1024646"
              },
              {
                "name": "44468",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/44468"
              },
              {
                "name": "42011",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42011"
              },
              {
                "name": "ADV-2010-2793",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2793"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-11-06T09:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "68927",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/68927"
            },
            {
              "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
            },
            {
              "name": "1024646",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1024646"
            },
            {
              "name": "44468",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/44468"
            },
            {
              "name": "42011",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42011"
            },
            {
              "name": "ADV-2010-2793",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2793"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-3036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port (1) 443 or (2) 1741, aka Bug ID CSCti41352."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "68927",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/68927"
                },
                {
                  "name": "20101027 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b51501.shtml"
                },
                {
                  "name": "1024646",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1024646"
                },
                {
                  "name": "44468",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/44468"
                },
                {
                  "name": "42011",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42011"
                },
                {
                  "name": "ADV-2010-2793",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2793"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-3036",
        "datePublished": "2010-10-29T18:00:00.000Z",
        "dateReserved": "2010-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:46.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1161 (GCVE-0-2009-1161)

    Vulnerability from cvelistv5 – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-0… third-party-advisoryx_refsource_JVNDB
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/35040 vdb-entryx_refsource_BID
    http://jvn.jp/en/jp/JVN62527913/index.html third-party-advisoryx_refsource_JVN
    http://osvdb.org/54616 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1022263 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2009/1390 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35179 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2009-05-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:48.874Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2009-000032",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
              },
              {
                "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
              },
              {
                "name": "35040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35040"
              },
              {
                "name": "JVN#62527913",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
              },
              {
                "name": "54616",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54616"
              },
              {
                "name": "1022263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1022263"
              },
              {
                "name": "ADV-2009-1390",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1390"
              },
              {
                "name": "35179",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35179"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-06-04T09:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "JVNDB-2009-000032",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
            },
            {
              "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
            },
            {
              "name": "35040",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35040"
            },
            {
              "name": "JVN#62527913",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
            },
            {
              "name": "54616",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54616"
            },
            {
              "name": "1022263",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1022263"
            },
            {
              "name": "ADV-2009-1390",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1390"
            },
            {
              "name": "35179",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35179"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-1161",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2009-000032",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
                },
                {
                  "name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
                },
                {
                  "name": "35040",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35040"
                },
                {
                  "name": "JVN#62527913",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN62527913/index.html"
                },
                {
                  "name": "54616",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54616"
                },
                {
                  "name": "1022263",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1022263"
                },
                {
                  "name": "ADV-2009-1390",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1390"
                },
                {
                  "name": "35179",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35179"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-1161",
        "datePublished": "2009-05-21T14:00:00.000Z",
        "dateReserved": "2009-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:48.874Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2054 (GCVE-0-2008-2054)

    Vulnerability from cvelistv5 – Published: 2008-05-29 16:00 – Updated: 2024-08-07 08:49
    VLAI
    Summary
    Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:49:57.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-cwcs-unspecified-code-execution(42702)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/"
              },
              {
                "name": "1020127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020127"
              },
              {
                "name": "ADV-2008-1687",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1687/references"
              },
              {
                "name": "30422",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30422"
              },
              {
                "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-cwcs-unspecified-code-execution(42702)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/"
            },
            {
              "name": "1020127",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020127"
            },
            {
              "name": "ADV-2008-1687",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1687/references"
            },
            {
              "name": "30422",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30422"
            },
            {
              "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2008-2054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cisco-cwcs-unspecified-code-execution(42702)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702"
                },
                {
                  "name": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/",
                  "refsource": "MISC",
                  "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/"
                },
                {
                  "name": "1020127",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020127"
                },
                {
                  "name": "ADV-2008-1687",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1687/references"
                },
                {
                  "name": "30422",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30422"
                },
                {
                  "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2008-2054",
        "datePublished": "2008-05-29T16:00:00.000Z",
        "dateReserved": "2008-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:49:57.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0356 (GCVE-0-2005-0356)

    Vulnerability from cvelistv5 – Published: 2005-05-31 04:00 – Updated: 2024-08-07 21:13
    VLAI
    Summary
    Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/15393 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/637934 third-party-advisoryx_refsource_CERT-VN
    http://secunia.com/advisories/15417/ third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/18662 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005… vendor-advisoryx_refsource_SCO
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    http://www.securityfocus.com/bid/13676 vdb-entryx_refsource_BID
    http://www.cisco.com/warp/public/707/cisco-sn-200… vendor-advisoryx_refsource_CISCO
    http://secunia.com/advisories/18222 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    Date Public
    2005-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:13:53.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "tcp-ip-timestamp-dos(20635)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
              },
              {
                "name": "15393",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15393"
              },
              {
                "name": "VU#637934",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/637934"
              },
              {
                "name": "15417",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15417/"
              },
              {
                "name": "18662",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18662"
              },
              {
                "name": "SCOSA-2005.64",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
              },
              {
                "name": "FreeBSD-SA-05:15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
              },
              {
                "name": "13676",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13676"
              },
              {
                "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
              },
              {
                "name": "18222",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18222"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "tcp-ip-timestamp-dos(20635)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
            },
            {
              "name": "15393",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15393"
            },
            {
              "name": "VU#637934",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/637934"
            },
            {
              "name": "15417",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15417/"
            },
            {
              "name": "18662",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18662"
            },
            {
              "name": "SCOSA-2005.64",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
            },
            {
              "name": "FreeBSD-SA-05:15",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
            },
            {
              "name": "13676",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13676"
            },
            {
              "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
            },
            {
              "name": "18222",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18222"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2005-0356",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "tcp-ip-timestamp-dos(20635)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
                },
                {
                  "name": "15393",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15393"
                },
                {
                  "name": "VU#637934",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/637934"
                },
                {
                  "name": "15417",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15417/"
                },
                {
                  "name": "18662",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18662"
                },
                {
                  "name": "SCOSA-2005.64",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
                },
                {
                  "name": "FreeBSD-SA-05:15",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
                },
                {
                  "name": "13676",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13676"
                },
                {
                  "name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
                },
                {
                  "name": "18222",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18222"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2005-0356",
        "datePublished": "2005-05-31T04:00:00.000Z",
        "dateReserved": "2005-02-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:13:53.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0112 (GCVE-0-2004-0112)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/484726 third-party-advisoryx_refsource_CERT-VN
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:1049",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
              },
              {
                "name": "openssl-kerberos-ciphersuites-dos(15508)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
              },
              {
                "name": "VU#484726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/484726"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:9580",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "oval:org.mitre.oval:def:928",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1049",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
            },
            {
              "name": "openssl-kerberos-ciphersuites-dos(15508)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
            },
            {
              "name": "VU#484726",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/484726"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9580",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:928",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:1049",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
                },
                {
                  "name": "openssl-kerberos-ciphersuites-dos(15508)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
                },
                {
                  "name": "VU#484726",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/484726"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9580",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:928",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0112",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0081 (GCVE-0-2004-0081)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=107955049331965&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.kb.cert.org/vuls/id/465542 third-party-advisoryx_refsource_CERT-VN
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "20040304-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
              },
              {
                "name": "openssl-tls-dos(15509)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "oval:org.mitre.oval:def:871",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
              },
              {
                "name": "oval:org.mitre.oval:def:11755",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
              },
              {
                "name": "VU#465542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/465542"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "RHSA-2004:119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
              },
              {
                "name": "oval:org.mitre.oval:def:902",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "20040304-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "openssl-tls-dos(15509)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "oval:org.mitre.oval:def:871",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
            },
            {
              "name": "oval:org.mitre.oval:def:11755",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
            },
            {
              "name": "VU#465542",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/465542"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "RHSA-2004:119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "oval:org.mitre.oval:def:902",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "20040304-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
                },
                {
                  "name": "openssl-tls-dos(15509)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "oval:org.mitre.oval:def:871",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
                },
                {
                  "name": "oval:org.mitre.oval:def:11755",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
                },
                {
                  "name": "VU#465542",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/465542"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "RHSA-2004:119",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:902",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0081",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0079 (GCVE-0-2004-0079)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2025-01-16 17:33
    VLAI
    Summary
    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://secunia.com/advisories/17381 third-party-advisoryx_refsource_SECUNIA
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/17401 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-829.html vendor-advisoryx_refsource_REDHAT
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2005-830.html vendor-advisoryx_refsource_REDHAT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://support.lexmark.com/index?page=content&id=… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/17398 third-party-advisoryx_refsource_SECUNIA
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/288574 third-party-advisoryx_refsource_CERT-VN
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/18247 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "FEDORA-2005-1042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "oval:org.mitre.oval:def:2621",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "17381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17381"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "oval:org.mitre.oval:def:9779",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
              },
              {
                "name": "oval:org.mitre.oval:def:975",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "FreeBSD-SA-04:05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "17401",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17401"
              },
              {
                "name": "RHSA-2005:829",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:870",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
              },
              {
                "name": "RHSA-2005:830",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "17398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17398"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "openssl-dochangecipherspec-dos(15505)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "VU#288574",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/288574"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "18247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18247"
              },
              {
                "name": "oval:org.mitre.oval:def:5770",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2004-0079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-08T16:21:54.985893Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T17:33:22.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "FEDORA-2005-1042",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "oval:org.mitre.oval:def:2621",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "17381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9779",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
            },
            {
              "name": "oval:org.mitre.oval:def:975",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "FreeBSD-SA-04:05",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "17401",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17401"
            },
            {
              "name": "RHSA-2005:829",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:870",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
            },
            {
              "name": "RHSA-2005:830",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "17398",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17398"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "openssl-dochangecipherspec-dos(15505)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "VU#288574",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/288574"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "18247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18247"
            },
            {
              "name": "oval:org.mitre.oval:def:5770",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "FEDORA-2005-1042",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "oval:org.mitre.oval:def:2621",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "17381",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17381"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9779",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
                },
                {
                  "name": "oval:org.mitre.oval:def:975",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "FreeBSD-SA-04:05",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "17401",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17401"
                },
                {
                  "name": "RHSA-2005:829",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:870",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
                },
                {
                  "name": "RHSA-2005:830",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
                  "refsource": "CONFIRM",
                  "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "17398",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17398"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "openssl-dochangecipherspec-dos(15505)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "VU#288574",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/288574"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "18247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18247"
                },
                {
                  "name": "oval:org.mitre.oval:def:5770",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0079",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2025-01-16T17:33:22.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }