Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for icdn by cisco

    VAR-200109-0135

    Vulnerability from variot - Updated: 2025-04-03 22:42

    RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. A vulnerability exists in several versions of RSA's SSL-J Software Development Kit (SDK) that can enable an attacker to bypass SSL client authentication. Under certain conditions, if an error occurs during the SSL client-server handshake, the SSL session key may be stored in a cache rather than being discarded. Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, using a much shorter one. This effectively allows the attacker to fully bypass the client authentication. On systems that rely solely on the authentication mechanism provided by SSL, this could enable an attacker to perform unauthorized actions. Additional technical details are forthcoming

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200109-0135",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "icdn",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "bsafe ssl-j",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "3.0"
          },
          {
            "model": "bsafe ssl-j",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "3.0.1"
          },
          {
            "model": "bsafe ssl-j",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dell",
            "version": "3.1"
          },
          {
            "model": "bsafe ssl-j sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rsa",
            "version": "3.1"
          },
          {
            "model": "bsafe ssl-j sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rsa",
            "version": "3.0.1"
          },
          {
            "model": "bsafe ssl-j sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rsa",
            "version": "3.0"
          },
          {
            "model": "icdn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "3329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Published in a Cisco Systems Security Advisory on September 12, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "3329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-1105",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-1105",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-3910",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-1105",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200109-041",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-3910",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2001-1105",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. A vulnerability exists in several versions of RSA\u0027s SSL-J Software Development Kit (SDK) that can enable an attacker to bypass SSL client authentication. \nUnder certain conditions, if an error occurs during the SSL client-server handshake, the SSL session key may be stored in a cache rather than being discarded.  Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, using a much shorter one.  This effectively allows the attacker to fully bypass the client authentication. \nOn systems that rely solely on the authentication mechanism provided by SSL, this could enable an attacker to perform unauthorized actions. \nAdditional technical details are forthcoming",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          },
          {
            "db": "BID",
            "id": "3329"
          },
          {
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1105"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2001-1105",
            "trust": 2.1
          },
          {
            "db": "BID",
            "id": "3329",
            "trust": 2.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041",
            "trust": 0.7
          },
          {
            "db": "XF",
            "id": "7112",
            "trust": 0.6
          },
          {
            "db": "CISCO",
            "id": "20010912 VULNERABLE SSL IMPLEMENTATION IN ICDN",
            "trust": 0.6
          },
          {
            "db": "CIAC",
            "id": "L-141",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-3910",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1105",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1105"
          },
          {
            "db": "BID",
            "id": "3329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "id": "VAR-200109-0135",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3910"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-03T22:42:50.691000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/3329"
          },
          {
            "trust": 1.8,
            "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
          },
          {
            "trust": 1.8,
            "url": "http://www.cisco.com/warp/public/707/ssl-j-pub.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl-j_3.x.securitybulletin.html"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/static/7112.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.rsa.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1105"
          },
          {
            "db": "BID",
            "id": "3329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "db": "VULMON",
            "id": "CVE-2001-1105"
          },
          {
            "db": "BID",
            "id": "3329"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-09-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "date": "2001-09-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2001-1105"
          },
          {
            "date": "2001-09-12T00:00:00",
            "db": "BID",
            "id": "3329"
          },
          {
            "date": "2001-09-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "date": "2001-09-12T04:00:00",
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-3910"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2001-1105"
          },
          {
            "date": "2009-07-11T07:56:00",
            "db": "BID",
            "id": "3329"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-1105"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "RSA BSAFE SSL-J Verification bypass vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200109-041"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2001-1105 (GCVE-0-2001-1105)

    Vulnerability from cvelistv5 – Published: 2002-03-15 05:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/warp/public/707/SSL-J-pub.html vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/3329 vdb-entryx_refsource_BID
    http://www.ciac.org/ciac/bulletins/l-141.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.rsasecurity.com/products/bsafe/bulleti… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2001-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:07.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010912 Vulnerable SSL Implementation in iCDN",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
              },
              {
                "name": "3329",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3329"
              },
              {
                "name": "L-141",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
              },
              {
                "name": "bsafe-ssl-bypass-authentication(7112)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010912 Vulnerable SSL Implementation in iCDN",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
            },
            {
              "name": "3329",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3329"
            },
            {
              "name": "L-141",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
            },
            {
              "name": "bsafe-ssl-bypass-authentication(7112)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010912 Vulnerable SSL Implementation in iCDN",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
                },
                {
                  "name": "3329",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3329"
                },
                {
                  "name": "L-141",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
                },
                {
                  "name": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
                },
                {
                  "name": "bsafe-ssl-bypass-authentication(7112)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1105",
        "datePublished": "2002-03-15T05:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:07.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1105 (GCVE-0-2001-1105)

    Vulnerability from nvd – Published: 2002-03-15 05:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/warp/public/707/SSL-J-pub.html vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/3329 vdb-entryx_refsource_BID
    http://www.ciac.org/ciac/bulletins/l-141.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.rsasecurity.com/products/bsafe/bulleti… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2001-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:07.335Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010912 Vulnerable SSL Implementation in iCDN",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
              },
              {
                "name": "3329",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3329"
              },
              {
                "name": "L-141",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
              },
              {
                "name": "bsafe-ssl-bypass-authentication(7112)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010912 Vulnerable SSL Implementation in iCDN",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
            },
            {
              "name": "3329",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3329"
            },
            {
              "name": "L-141",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
            },
            {
              "name": "bsafe-ssl-bypass-authentication(7112)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010912 Vulnerable SSL Implementation in iCDN",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
                },
                {
                  "name": "3329",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3329"
                },
                {
                  "name": "L-141",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
                },
                {
                  "name": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
                },
                {
                  "name": "bsafe-ssl-bypass-authentication(7112)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1105",
        "datePublished": "2002-03-15T05:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:07.335Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }