Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for pix_firewall by cisco

    CVE-2006-3906 (GCVE-0-2006-3906)

    Vulnerability from nvd – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nta-monitor.com/posts/2006/07/cisco-co… x_refsource_MISC
    http://www.securityfocus.com/bid/19176 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/441203/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/29068 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1016582 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/1293 third-party-advisoryx_refsource_SREASON
    http://www.cisco.com/en/US/tech/tk583/tk372/tsd_t… vendor-advisoryx_refsource_CISCO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.430Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
              },
              {
                "name": "19176",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19176"
              },
              {
                "name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
              },
              {
                "name": "29068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29068"
              },
              {
                "name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
              },
              {
                "name": "oval:org.mitre.oval:def:5299",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
              },
              {
                "name": "1016582",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016582"
              },
              {
                "name": "1293",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1293"
              },
              {
                "name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
              },
              {
                "name": "cisco-ike-resource-exhaustion-dos(27972)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
            },
            {
              "name": "19176",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19176"
            },
            {
              "name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
            },
            {
              "name": "29068",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29068"
            },
            {
              "name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5299",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
            },
            {
              "name": "1016582",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016582"
            },
            {
              "name": "1293",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1293"
            },
            {
              "name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
            },
            {
              "name": "cisco-ike-resource-exhaustion-dos(27972)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html",
                  "refsource": "MISC",
                  "url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
                },
                {
                  "name": "19176",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19176"
                },
                {
                  "name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
                },
                {
                  "name": "29068",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29068"
                },
                {
                  "name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:5299",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
                },
                {
                  "name": "1016582",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016582"
                },
                {
                  "name": "1293",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1293"
                },
                {
                  "name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
                },
                {
                  "name": "cisco-ike-resource-exhaustion-dos(27972)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3906",
        "datePublished": "2006-07-27T22:00:00.000Z",
        "dateReserved": "2006-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0515 (GCVE-0-2006-0515)

    Vulnerability from nvd – Published: 2006-05-09 10:00 – Updated: 2024-08-07 16:41
    VLAI
    Summary
    Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/25453 vdb-entryx_refsource_OSVDB
    http://www.vsecurity.com/bulletins/advisories/200… x_refsource_MISC
    http://secunia.com/advisories/20044 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17883 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1738 vdb-entryx_refsource_VUPEN
    http://www.cisco.com/en/US/products/sw/netmgtsw/p… vendor-advisoryx_refsource_CISCO
    http://securitytracker.com/id?1016040 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016039 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/433270/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:41:28.369Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html"
              },
              {
                "name": "25453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/25453"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt"
              },
              {
                "name": "20044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20044"
              },
              {
                "name": "17883",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17883"
              },
              {
                "name": "ADV-2006-1738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1738"
              },
              {
                "name": "20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html"
              },
              {
                "name": "1016040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016040"
              },
              {
                "name": "1016039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016039"
              },
              {
                "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/433270/100/0/threaded"
              },
              {
                "name": "cisco-websense-content-filtering-bypass(26308)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26308"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html"
            },
            {
              "name": "25453",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/25453"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt"
            },
            {
              "name": "20044",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20044"
            },
            {
              "name": "17883",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17883"
            },
            {
              "name": "ADV-2006-1738",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1738"
            },
            {
              "name": "20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html"
            },
            {
              "name": "1016040",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016040"
            },
            {
              "name": "1016039",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016039"
            },
            {
              "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/433270/100/0/threaded"
            },
            {
              "name": "cisco-websense-content-filtering-bypass(26308)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26308"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0515",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html"
                },
                {
                  "name": "25453",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/25453"
                },
                {
                  "name": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt",
                  "refsource": "MISC",
                  "url": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt"
                },
                {
                  "name": "20044",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20044"
                },
                {
                  "name": "17883",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17883"
                },
                {
                  "name": "ADV-2006-1738",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1738"
                },
                {
                  "name": "20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html"
                },
                {
                  "name": "1016040",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016040"
                },
                {
                  "name": "1016039",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016039"
                },
                {
                  "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/433270/100/0/threaded"
                },
                {
                  "name": "cisco-websense-content-filtering-bypass(26308)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26308"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0515",
        "datePublished": "2006-05-09T10:00:00.000Z",
        "dateReserved": "2006-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:41:28.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4499 (GCVE-0-2005-4499)

    Vulnerability from nvd – Published: 2005-12-22 11:00 – Updated: 2024-08-07 23:46
    VLAI
    Summary
    The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/420020/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/16025 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/sw/secursw/ps… x_refsource_MISC
    http://www.osvdb.org/22193 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/420103/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/18141 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-12-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:46:05.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
              },
              {
                "name": "16025",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16025"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
              },
              {
                "name": "22193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22193"
              },
              {
                "name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
              },
              {
                "name": "18141",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18141"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-12-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
            },
            {
              "name": "16025",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16025"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
            },
            {
              "name": "22193",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22193"
            },
            {
              "name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
            },
            {
              "name": "18141",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18141"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4499",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
                },
                {
                  "name": "16025",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16025"
                },
                {
                  "name": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
                  "refsource": "MISC",
                  "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
                },
                {
                  "name": "22193",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22193"
                },
                {
                  "name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
                },
                {
                  "name": "18141",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18141"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4499",
        "datePublished": "2005-12-22T11:00:00.000Z",
        "dateReserved": "2005-12-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:46:05.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3669 (GCVE-0-2005-3669)

    Vulnerability from nvd – Published: 2005-11-18 21:00 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1015200 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1015202 vdb-entryx_refsource_SECTRACK
    http://www.niscc.gov.uk/niscc/docs/br-20051114-01… x_refsource_MISC
    http://jvn.jp/niscc/NISCC-273756/index.html x_refsource_MISC
    http://securitytracker.com/id?1015201 vdb-entryx_refsource_SECTRACK
    http://www.ee.oulu.fi/research/ouspg/protos/testi… x_refsource_MISC
    http://www.securityfocus.com/bid/15401 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/226364 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1015199 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1015198 vdb-entryx_refsource_SECTRACK
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://secunia.com/advisories/17553 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1015200",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015200"
              },
              {
                "name": "1015202",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/niscc/NISCC-273756/index.html"
              },
              {
                "name": "1015201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015201"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
              },
              {
                "name": "15401",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15401"
              },
              {
                "name": "VU#226364",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/226364"
              },
              {
                "name": "1015199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015199"
              },
              {
                "name": "oval:org.mitre.oval:def:5226",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
              },
              {
                "name": "1015198",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015198"
              },
              {
                "name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
              },
              {
                "name": "17553",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1015200",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015200"
            },
            {
              "name": "1015202",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/niscc/NISCC-273756/index.html"
            },
            {
              "name": "1015201",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015201"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
            },
            {
              "name": "15401",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15401"
            },
            {
              "name": "VU#226364",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/226364"
            },
            {
              "name": "1015199",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015199"
            },
            {
              "name": "oval:org.mitre.oval:def:5226",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
            },
            {
              "name": "1015198",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015198"
            },
            {
              "name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
            },
            {
              "name": "17553",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17553"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1015200",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015200"
                },
                {
                  "name": "1015202",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015202"
                },
                {
                  "name": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en",
                  "refsource": "MISC",
                  "url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
                },
                {
                  "name": "http://jvn.jp/niscc/NISCC-273756/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/niscc/NISCC-273756/index.html"
                },
                {
                  "name": "1015201",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015201"
                },
                {
                  "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
                  "refsource": "MISC",
                  "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
                },
                {
                  "name": "15401",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15401"
                },
                {
                  "name": "VU#226364",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/226364"
                },
                {
                  "name": "1015199",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015199"
                },
                {
                  "name": "oval:org.mitre.oval:def:5226",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
                },
                {
                  "name": "1015198",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015198"
                },
                {
                  "name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
                },
                {
                  "name": "17553",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17553"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3669",
        "datePublished": "2005-11-18T21:00:00.000Z",
        "dateReserved": "2005-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0079 (GCVE-0-2004-0079)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2025-01-16 17:33
    VLAI
    Summary
    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://secunia.com/advisories/17381 third-party-advisoryx_refsource_SECUNIA
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/17401 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-829.html vendor-advisoryx_refsource_REDHAT
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2005-830.html vendor-advisoryx_refsource_REDHAT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://support.lexmark.com/index?page=content&id=… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/17398 third-party-advisoryx_refsource_SECUNIA
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/288574 third-party-advisoryx_refsource_CERT-VN
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/18247 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "FEDORA-2005-1042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "oval:org.mitre.oval:def:2621",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "17381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17381"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "oval:org.mitre.oval:def:9779",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
              },
              {
                "name": "oval:org.mitre.oval:def:975",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "FreeBSD-SA-04:05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "17401",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17401"
              },
              {
                "name": "RHSA-2005:829",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:870",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
              },
              {
                "name": "RHSA-2005:830",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "17398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17398"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "openssl-dochangecipherspec-dos(15505)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "VU#288574",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/288574"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "18247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18247"
              },
              {
                "name": "oval:org.mitre.oval:def:5770",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2004-0079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-08T16:21:54.985893Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T17:33:22.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "FEDORA-2005-1042",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "oval:org.mitre.oval:def:2621",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "17381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9779",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
            },
            {
              "name": "oval:org.mitre.oval:def:975",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "FreeBSD-SA-04:05",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "17401",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17401"
            },
            {
              "name": "RHSA-2005:829",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:870",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
            },
            {
              "name": "RHSA-2005:830",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "17398",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17398"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "openssl-dochangecipherspec-dos(15505)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "VU#288574",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/288574"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "18247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18247"
            },
            {
              "name": "oval:org.mitre.oval:def:5770",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "FEDORA-2005-1042",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "oval:org.mitre.oval:def:2621",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "17381",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17381"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9779",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
                },
                {
                  "name": "oval:org.mitre.oval:def:975",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "FreeBSD-SA-04:05",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "17401",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17401"
                },
                {
                  "name": "RHSA-2005:829",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:870",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
                },
                {
                  "name": "RHSA-2005:830",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
                  "refsource": "CONFIRM",
                  "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "17398",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17398"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "openssl-dochangecipherspec-dos(15505)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "VU#288574",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/288574"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "18247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18247"
                },
                {
                  "name": "oval:org.mitre.oval:def:5770",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0079",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2025-01-16T17:33:22.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0081 (GCVE-0-2004-0081)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=107955049331965&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.kb.cert.org/vuls/id/465542 third-party-advisoryx_refsource_CERT-VN
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "20040304-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
              },
              {
                "name": "openssl-tls-dos(15509)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "oval:org.mitre.oval:def:871",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
              },
              {
                "name": "oval:org.mitre.oval:def:11755",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
              },
              {
                "name": "VU#465542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/465542"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "RHSA-2004:119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
              },
              {
                "name": "oval:org.mitre.oval:def:902",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "20040304-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "openssl-tls-dos(15509)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "oval:org.mitre.oval:def:871",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
            },
            {
              "name": "oval:org.mitre.oval:def:11755",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
            },
            {
              "name": "VU#465542",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/465542"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "RHSA-2004:119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "oval:org.mitre.oval:def:902",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "20040304-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
                },
                {
                  "name": "openssl-tls-dos(15509)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "oval:org.mitre.oval:def:871",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
                },
                {
                  "name": "oval:org.mitre.oval:def:11755",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
                },
                {
                  "name": "VU#465542",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/465542"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "RHSA-2004:119",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:902",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0081",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0112 (GCVE-0-2004-0112)

    Vulnerability from nvd – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/484726 third-party-advisoryx_refsource_CERT-VN
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:1049",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
              },
              {
                "name": "openssl-kerberos-ciphersuites-dos(15508)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
              },
              {
                "name": "VU#484726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/484726"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:9580",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "oval:org.mitre.oval:def:928",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1049",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
            },
            {
              "name": "openssl-kerberos-ciphersuites-dos(15508)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
            },
            {
              "name": "VU#484726",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/484726"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9580",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:928",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:1049",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
                },
                {
                  "name": "openssl-kerberos-ciphersuites-dos(15508)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
                },
                {
                  "name": "VU#484726",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/484726"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9580",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:928",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0112",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1004 (GCVE-0-2003-1004)

    Vulnerability from nvd – Published: 2003-12-17 05:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:35.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20031215 Cisco PIX Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-12-17T05:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20031215 Cisco PIX Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20031215 Cisco PIX Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1004",
        "datePublished": "2003-12-17T05:00:00.000Z",
        "dateReserved": "2003-12-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:36.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1003 (GCVE-0-2003-1003)

    Vulnerability from nvd – Published: 2003-12-17 05:00 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:35.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20031215 Cisco PIX Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-12-17T05:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20031215 Cisco PIX Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20031215 Cisco PIX Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1003",
        "datePublished": "2003-12-17T05:00:00.000Z",
        "dateReserved": "2003-12-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:22.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0851 (GCVE-0-2003-0851)

    Vulnerability from nvd – Published: 2003-11-06 05:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    http://secunia.com/advisories/17381 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/8970 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=106796246511667&w=2 mailing-listx_refsource_BUGTRAQ
    http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisoryx_refsource_REDHAT
    http://www.openssl.org/news/secadv_20031104.txt x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/412478 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2003-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5528",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
              },
              {
                "name": "FEDORA-2005-1042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
              },
              {
                "name": "20040304-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
              },
              {
                "name": "17381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17381"
              },
              {
                "name": "NetBSD-SA2004-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
              },
              {
                "name": "20030930 SSL Implementation Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
              },
              {
                "name": "8970",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8970"
              },
              {
                "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
              },
              {
                "name": "RHSA-2004:119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20031104.txt"
              },
              {
                "name": "VU#412478",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/412478"
              },
              {
                "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5528",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
            },
            {
              "name": "FEDORA-2005-1042",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "20040304-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "17381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "NetBSD-SA2004-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
            },
            {
              "name": "20030930 SSL Implementation Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
            },
            {
              "name": "8970",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8970"
            },
            {
              "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
            },
            {
              "name": "RHSA-2004:119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20031104.txt"
            },
            {
              "name": "VU#412478",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/412478"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5528",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
                },
                {
                  "name": "FEDORA-2005-1042",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
                },
                {
                  "name": "20040304-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
                },
                {
                  "name": "17381",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17381"
                },
                {
                  "name": "NetBSD-SA2004-003",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
                },
                {
                  "name": "20030930 SSL Implementation Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
                },
                {
                  "name": "8970",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8970"
                },
                {
                  "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
                },
                {
                  "name": "RHSA-2004:119",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20031104.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20031104.txt"
                },
                {
                  "name": "VU#412478",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/412478"
                },
                {
                  "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0851",
        "datePublished": "2003-11-06T05:00:00.000Z",
        "dateReserved": "2003-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0954 (GCVE-0-2002-0954)

    Vulnerability from nvd – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
    VLAI
    Summary
    The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://marc.info/?l=bugtraq&m=102651159507659&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:12:15.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html"
              },
              {
                "name": "20020712 The answer to the PIX encryption issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=102651159507659\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html"
            },
            {
              "name": "20020712 The answer to the PIX encryption issue",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=102651159507659\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html"
                },
                {
                  "name": "20020712 The answer to the PIX encryption issue",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=102651159507659\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0954",
        "datePublished": "2002-08-31T04:00:00.000Z",
        "dateReserved": "2002-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:12:15.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-0613 (GCVE-0-2000-0613)

    Vulnerability from nvd – Published: 2000-10-13 04:00 – Updated: 2024-08-08 05:21
    VLAI
    Summary
    Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/1457 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/warp/public/707/pixtcpreset-… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/templates/archive.pi… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/1454 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2000-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:21:31.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1457",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/1457"
              },
              {
                "name": "20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml"
              },
              {
                "name": "20000320 PIX DMZ Denial of Service - TCP Resets",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=B3D6883199DBD311868100A0C9FC2CDC046B72%40protea.citec.net"
              },
              {
                "name": "1454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1454"
              },
              {
                "name": "cisco-pix-firewall-tcp(4928)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4928"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-09-02T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1457",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/1457"
            },
            {
              "name": "20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml"
            },
            {
              "name": "20000320 PIX DMZ Denial of Service - TCP Resets",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=B3D6883199DBD311868100A0C9FC2CDC046B72%40protea.citec.net"
            },
            {
              "name": "1454",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1454"
            },
            {
              "name": "cisco-pix-firewall-tcp(4928)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-0613",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1457",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/1457"
                },
                {
                  "name": "20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml"
                },
                {
                  "name": "20000320 PIX DMZ Denial of Service - TCP Resets",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net"
                },
                {
                  "name": "1454",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1454"
                },
                {
                  "name": "cisco-pix-firewall-tcp(4928)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4928"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-0613",
        "datePublished": "2000-10-13T04:00:00.000Z",
        "dateReserved": "2000-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:21:31.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1582 (GCVE-0-1999-1582)

    Vulnerability from nvd – Published: 2005-04-21 04:00 – Updated: 2024-08-01 17:18
    VLAI
    Summary
    By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.cisco.com/warp/public/707/pixest-pub.shtml vendor-advisoryx_refsource_CISCO
    http://www.kb.cert.org/vuls/id/6733 third-party-advisoryx_refsource_CERT-VN
    Date Public
    1998-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:18:07.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-pix-established-bypass(8052)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8052"
              },
              {
                "name": "19980715 PIX Firewall \"established\" Command",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/pixest-pub.shtml"
              },
              {
                "name": "VU#6733",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/6733"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1998-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "By design, the \"established\" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cisco-pix-established-bypass(8052)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8052"
            },
            {
              "name": "19980715 PIX Firewall \"established\" Command",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/pixest-pub.shtml"
            },
            {
              "name": "VU#6733",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/6733"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "By design, the \"established\" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cisco-pix-established-bypass(8052)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8052"
                },
                {
                  "name": "19980715 PIX Firewall \"established\" Command",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/pixest-pub.shtml"
                },
                {
                  "name": "VU#6733",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/6733"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1582",
        "datePublished": "2005-04-21T04:00:00.000Z",
        "dateReserved": "2005-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-01T17:18:07.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3906 (GCVE-0-2006-3906)

    Vulnerability from cvelistv5 – Published: 2006-07-27 22:00 – Updated: 2024-08-07 18:48
    VLAI
    Summary
    Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.nta-monitor.com/posts/2006/07/cisco-co… x_refsource_MISC
    http://www.securityfocus.com/bid/19176 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/441203/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/29068 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1016582 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/1293 third-party-advisoryx_refsource_SREASON
    http://www.cisco.com/en/US/tech/tk583/tk372/tsd_t… vendor-advisoryx_refsource_CISCO
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:48:39.430Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
              },
              {
                "name": "19176",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19176"
              },
              {
                "name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
              },
              {
                "name": "29068",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29068"
              },
              {
                "name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
              },
              {
                "name": "oval:org.mitre.oval:def:5299",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
              },
              {
                "name": "1016582",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016582"
              },
              {
                "name": "1293",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1293"
              },
              {
                "name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
              },
              {
                "name": "cisco-ike-resource-exhaustion-dos(27972)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
            },
            {
              "name": "19176",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19176"
            },
            {
              "name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
            },
            {
              "name": "29068",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29068"
            },
            {
              "name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5299",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
            },
            {
              "name": "1016582",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016582"
            },
            {
              "name": "1293",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1293"
            },
            {
              "name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
            },
            {
              "name": "cisco-ike-resource-exhaustion-dos(27972)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html",
                  "refsource": "MISC",
                  "url": "http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html"
                },
                {
                  "name": "19176",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19176"
                },
                {
                  "name": "20060726 Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/441203/100/0/threaded"
                },
                {
                  "name": "29068",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29068"
                },
                {
                  "name": "20060728 Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:5299",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5299"
                },
                {
                  "name": "1016582",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016582"
                },
                {
                  "name": "1293",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1293"
                },
                {
                  "name": "20060726 Internet Key Exchange Resource Exhaustion Attack",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html"
                },
                {
                  "name": "cisco-ike-resource-exhaustion-dos(27972)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27972"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3906",
        "datePublished": "2006-07-27T22:00:00.000Z",
        "dateReserved": "2006-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:48:39.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0515 (GCVE-0-2006-0515)

    Vulnerability from cvelistv5 – Published: 2006-05-09 10:00 – Updated: 2024-08-07 16:41
    VLAI
    Summary
    Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    http://www.osvdb.org/25453 vdb-entryx_refsource_OSVDB
    http://www.vsecurity.com/bulletins/advisories/200… x_refsource_MISC
    http://secunia.com/advisories/20044 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/17883 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1738 vdb-entryx_refsource_VUPEN
    http://www.cisco.com/en/US/products/sw/netmgtsw/p… vendor-advisoryx_refsource_CISCO
    http://securitytracker.com/id?1016040 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016039 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/433270/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-05-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:41:28.369Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html"
              },
              {
                "name": "25453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/25453"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt"
              },
              {
                "name": "20044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20044"
              },
              {
                "name": "17883",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17883"
              },
              {
                "name": "ADV-2006-1738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1738"
              },
              {
                "name": "20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html"
              },
              {
                "name": "1016040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016040"
              },
              {
                "name": "1016039",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016039"
              },
              {
                "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/433270/100/0/threaded"
              },
              {
                "name": "cisco-websense-content-filtering-bypass(26308)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26308"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-05-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html"
            },
            {
              "name": "25453",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/25453"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt"
            },
            {
              "name": "20044",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20044"
            },
            {
              "name": "17883",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17883"
            },
            {
              "name": "ADV-2006-1738",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1738"
            },
            {
              "name": "20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html"
            },
            {
              "name": "1016040",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016040"
            },
            {
              "name": "1016039",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016039"
            },
            {
              "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/433270/100/0/threaded"
            },
            {
              "name": "cisco-websense-content-filtering-bypass(26308)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26308"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0515",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045899.html"
                },
                {
                  "name": "25453",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/25453"
                },
                {
                  "name": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt",
                  "refsource": "MISC",
                  "url": "http://www.vsecurity.com/bulletins/advisories/2006/cisco-websense-bypass.txt"
                },
                {
                  "name": "20044",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20044"
                },
                {
                  "name": "17883",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17883"
                },
                {
                  "name": "ADV-2006-1738",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1738"
                },
                {
                  "name": "20060508 PIX/ASA/FWSM Websense/N2H2 Content Filter Bypass",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_security_response09186a00806824ec.html"
                },
                {
                  "name": "1016040",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016040"
                },
                {
                  "name": "1016039",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016039"
                },
                {
                  "name": "20060508 VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/433270/100/0/threaded"
                },
                {
                  "name": "cisco-websense-content-filtering-bypass(26308)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26308"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0515",
        "datePublished": "2006-05-09T10:00:00.000Z",
        "dateReserved": "2006-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:41:28.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4499 (GCVE-0-2005-4499)

    Vulnerability from cvelistv5 – Published: 2005-12-22 11:00 – Updated: 2024-08-07 23:46
    VLAI
    Summary
    The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/420020/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/16025 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/sw/secursw/ps… x_refsource_MISC
    http://www.osvdb.org/22193 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/420103/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/18141 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-12-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:46:05.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
              },
              {
                "name": "16025",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16025"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
              },
              {
                "name": "22193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22193"
              },
              {
                "name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
              },
              {
                "name": "18141",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18141"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-12-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
            },
            {
              "name": "16025",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16025"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
            },
            {
              "name": "22193",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22193"
            },
            {
              "name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
            },
            {
              "name": "18141",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18141"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4499",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
                },
                {
                  "name": "16025",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16025"
                },
                {
                  "name": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
                  "refsource": "MISC",
                  "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
                },
                {
                  "name": "22193",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22193"
                },
                {
                  "name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
                },
                {
                  "name": "18141",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18141"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4499",
        "datePublished": "2005-12-22T11:00:00.000Z",
        "dateReserved": "2005-12-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:46:05.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3669 (GCVE-0-2005-3669)

    Vulnerability from cvelistv5 – Published: 2005-11-18 21:00 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1015200 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1015202 vdb-entryx_refsource_SECTRACK
    http://www.niscc.gov.uk/niscc/docs/br-20051114-01… x_refsource_MISC
    http://jvn.jp/niscc/NISCC-273756/index.html x_refsource_MISC
    http://securitytracker.com/id?1015201 vdb-entryx_refsource_SECTRACK
    http://www.ee.oulu.fi/research/ouspg/protos/testi… x_refsource_MISC
    http://www.securityfocus.com/bid/15401 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/226364 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1015199 vdb-entryx_refsource_SECTRACK
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1015198 vdb-entryx_refsource_SECTRACK
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://secunia.com/advisories/17553 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1015200",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015200"
              },
              {
                "name": "1015202",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/niscc/NISCC-273756/index.html"
              },
              {
                "name": "1015201",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015201"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
              },
              {
                "name": "15401",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15401"
              },
              {
                "name": "VU#226364",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/226364"
              },
              {
                "name": "1015199",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015199"
              },
              {
                "name": "oval:org.mitre.oval:def:5226",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
              },
              {
                "name": "1015198",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015198"
              },
              {
                "name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
              },
              {
                "name": "17553",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1015200",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015200"
            },
            {
              "name": "1015202",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/niscc/NISCC-273756/index.html"
            },
            {
              "name": "1015201",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015201"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
            },
            {
              "name": "15401",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15401"
            },
            {
              "name": "VU#226364",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/226364"
            },
            {
              "name": "1015199",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015199"
            },
            {
              "name": "oval:org.mitre.oval:def:5226",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
            },
            {
              "name": "1015198",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015198"
            },
            {
              "name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
            },
            {
              "name": "17553",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17553"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3669",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1015200",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015200"
                },
                {
                  "name": "1015202",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015202"
                },
                {
                  "name": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en",
                  "refsource": "MISC",
                  "url": "http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en"
                },
                {
                  "name": "http://jvn.jp/niscc/NISCC-273756/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/niscc/NISCC-273756/index.html"
                },
                {
                  "name": "1015201",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015201"
                },
                {
                  "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
                  "refsource": "MISC",
                  "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
                },
                {
                  "name": "15401",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15401"
                },
                {
                  "name": "VU#226364",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/226364"
                },
                {
                  "name": "1015199",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015199"
                },
                {
                  "name": "oval:org.mitre.oval:def:5226",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5226"
                },
                {
                  "name": "1015198",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015198"
                },
                {
                  "name": "20051114 Multiple Vulnerabilities Found by PROTOS IPSec Test Suite",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
                },
                {
                  "name": "17553",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17553"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3669",
        "datePublished": "2005-11-18T21:00:00.000Z",
        "dateReserved": "2005-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1582 (GCVE-0-1999-1582)

    Vulnerability from cvelistv5 – Published: 2005-04-21 04:00 – Updated: 2024-08-01 17:18
    VLAI
    Summary
    By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.cisco.com/warp/public/707/pixest-pub.shtml vendor-advisoryx_refsource_CISCO
    http://www.kb.cert.org/vuls/id/6733 third-party-advisoryx_refsource_CERT-VN
    Date Public
    1998-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:18:07.659Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-pix-established-bypass(8052)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8052"
              },
              {
                "name": "19980715 PIX Firewall \"established\" Command",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/pixest-pub.shtml"
              },
              {
                "name": "VU#6733",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/6733"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1998-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "By design, the \"established\" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cisco-pix-established-bypass(8052)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8052"
            },
            {
              "name": "19980715 PIX Firewall \"established\" Command",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/pixest-pub.shtml"
            },
            {
              "name": "VU#6733",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/6733"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "By design, the \"established\" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cisco-pix-established-bypass(8052)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8052"
                },
                {
                  "name": "19980715 PIX Firewall \"established\" Command",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/pixest-pub.shtml"
                },
                {
                  "name": "VU#6733",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/6733"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1582",
        "datePublished": "2005-04-21T04:00:00.000Z",
        "dateReserved": "2005-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-01T17:18:07.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0079 (GCVE-0-2004-0079)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2025-01-16 17:33
    VLAI
    Summary
    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://secunia.com/advisories/17381 third-party-advisoryx_refsource_SECUNIA
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories… vendor-advisoryx_refsource_FREEBSD
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://secunia.com/advisories/17401 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2005-829.html vendor-advisoryx_refsource_REDHAT
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2005-830.html vendor-advisoryx_refsource_REDHAT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://support.lexmark.com/index?page=content&id=… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/17398 third-party-advisoryx_refsource_SECUNIA
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/288574 third-party-advisoryx_refsource_CERT-VN
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/18247 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "FEDORA-2005-1042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "oval:org.mitre.oval:def:2621",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "17381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17381"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "oval:org.mitre.oval:def:9779",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
              },
              {
                "name": "oval:org.mitre.oval:def:975",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "FreeBSD-SA-04:05",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FREEBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "17401",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17401"
              },
              {
                "name": "RHSA-2005:829",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:870",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
              },
              {
                "name": "RHSA-2005:830",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "17398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17398"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "openssl-dochangecipherspec-dos(15505)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "VU#288574",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/288574"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "18247",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18247"
              },
              {
                "name": "oval:org.mitre.oval:def:5770",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2004-0079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-08T16:21:54.985893Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-476",
                    "description": "CWE-476 NULL Pointer Dereference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T17:33:22.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "FEDORA-2005-1042",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "oval:org.mitre.oval:def:2621",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "17381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "oval:org.mitre.oval:def:9779",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
            },
            {
              "name": "oval:org.mitre.oval:def:975",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "FreeBSD-SA-04:05",
              "tags": [
                "vendor-advisory",
                "x_refsource_FREEBSD"
              ],
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "17401",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17401"
            },
            {
              "name": "RHSA-2005:829",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:870",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
            },
            {
              "name": "RHSA-2005:830",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "17398",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17398"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "openssl-dochangecipherspec-dos(15505)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "VU#288574",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/288574"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "18247",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18247"
            },
            {
              "name": "oval:org.mitre.oval:def:5770",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0079",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "FEDORA-2005-1042",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "oval:org.mitre.oval:def:2621",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "17381",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17381"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9779",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779"
                },
                {
                  "name": "oval:org.mitre.oval:def:975",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "FreeBSD-SA-04:05",
                  "refsource": "FREEBSD",
                  "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "17401",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17401"
                },
                {
                  "name": "RHSA-2005:829",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-829.html"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:870",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870"
                },
                {
                  "name": "RHSA-2005:830",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2005-830.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US",
                  "refsource": "CONFIRM",
                  "url": "http://support.lexmark.com/index?page=content\u0026id=TE88\u0026locale=EN\u0026userlocale=EN_US"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "17398",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17398"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "openssl-dochangecipherspec-dos(15505)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15505"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "VU#288574",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/288574"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "18247",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18247"
                },
                {
                  "name": "oval:org.mitre.oval:def:5770",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0079",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2025-01-16T17:33:22.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0081 (GCVE-0-2004-0081)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://www.linuxsecurity.com/advisories/engarde_a… vendor-advisoryx_refsource_ENGARDE
    http://marc.info/?l=bugtraq&m=107955049331965&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://fedoranews.org/updates/FEDORA-2004-095.shtml vendor-advisoryx_refsource_FEDORA
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.kb.cert.org/vuls/id/465542 third-party-advisoryx_refsource_CERT-VN
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/support/errata/RHSA-2004-139.html vendor-advisoryx_refsource_REDHAT
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.debian.org/security/2004/dsa-465 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.650Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "ESA-20040317-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_ENGARDE",
                  "x_transferred"
                ],
                "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
              },
              {
                "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "name": "20040304-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
              },
              {
                "name": "openssl-tls-dos(15509)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "FEDORA-2004-095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "oval:org.mitre.oval:def:871",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
              },
              {
                "name": "oval:org.mitre.oval:def:11755",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
              },
              {
                "name": "VU#465542",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/465542"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "RHSA-2004:119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
              },
              {
                "name": "oval:org.mitre.oval:def:902",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
              },
              {
                "name": "RHSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "name": "DSA-465",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "ESA-20040317-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_ENGARDE"
              ],
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
            },
            {
              "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "name": "20040304-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "openssl-tls-dos(15509)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "FEDORA-2004-095",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "oval:org.mitre.oval:def:871",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
            },
            {
              "name": "oval:org.mitre.oval:def:11755",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
            },
            {
              "name": "VU#465542",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/465542"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "RHSA-2004:119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "name": "oval:org.mitre.oval:def:902",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
            },
            {
              "name": "RHSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "name": "DSA-465",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0081",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "ESA-20040317-003",
                  "refsource": "ENGARDE",
                  "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html"
                },
                {
                  "name": "20040317 Re: New OpenSSL releases fix denial of service attacks [17  March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107955049331965\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "20040304-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
                },
                {
                  "name": "openssl-tls-dos(15509)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15509"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "FEDORA-2004-095",
                  "refsource": "FEDORA",
                  "url": "http://fedoranews.org/updates/FEDORA-2004-095.shtml"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "oval:org.mitre.oval:def:871",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871"
                },
                {
                  "name": "oval:org.mitre.oval:def:11755",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755"
                },
                {
                  "name": "VU#465542",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/465542"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "RHSA-2004:119",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:902",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902"
                },
                {
                  "name": "RHSA-2004:139",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-139.html"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "DSA-465",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0081",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0112 (GCVE-0-2004-0112)

    Vulnerability from cvelistv5 – Published: 2004-03-18 05:00 – Updated: 2024-08-08 00:10
    VLAI
    Summary
    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/9899 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=108403806509920&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2004-121.html vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-20… vendor-advisoryx_refsource_SCO
    http://www.uniras.gov.uk/vuls/2004/224012/index.htm x_refsource_MISC
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=f… vendor-advisoryx_refsource_SUNALERT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/mhonarc/security-announce/… x_refsource_CONFIRM
    http://www.openssl.org/news/secadv_20040317.txt x_refsource_CONFIRM
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.ciac.org/ciac/bulletins/o-101.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.us-cert.gov/cas/techalerts/TA04-078A.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/484726 third-party-advisoryx_refsource_CERT-VN
    http://security.gentoo.org/glsa/glsa-200403-03.xml vendor-advisoryx_refsource_GENTOO
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/11139 third-party-advisoryx_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2004-120.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=107953412903636&w=2 mailing-listx_refsource_BUGTRAQ
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.slackware.org/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.trustix.org/errata/2004/0012 vendor-advisoryx_refsource_TRUSTIX
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://docs.info.apple.com/article.html?artnum=61798 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2004-03-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:10:03.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "9899",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9899"
              },
              {
                "name": "SSRT4717",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
              },
              {
                "name": "RHSA-2004:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
              },
              {
                "name": "MDKSA-2004:023",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
              },
              {
                "name": "CLA-2004:834",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
              },
              {
                "name": "SCOSA-2004.10",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SCO",
                  "x_transferred"
                ],
                "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
              },
              {
                "name": "57524",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
              },
              {
                "name": "SuSE-SA:2004:007",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20040317.txt"
              },
              {
                "name": "NetBSD-SA2004-005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
              },
              {
                "name": "O-101",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
              },
              {
                "name": "TA04-078A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
              },
              {
                "name": "oval:org.mitre.oval:def:1049",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
              },
              {
                "name": "openssl-kerberos-ciphersuites-dos(15508)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
              },
              {
                "name": "VU#484726",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/484726"
              },
              {
                "name": "GLSA-200403-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
              },
              {
                "name": "oval:org.mitre.oval:def:9580",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
              },
              {
                "name": "11139",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11139"
              },
              {
                "name": "RHSA-2004:120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
              },
              {
                "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
              },
              {
                "name": "APPLE-SA-2005-08-15",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
              },
              {
                "name": "SSA:2004-077",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
              },
              {
                "name": "2004-0012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://www.trustix.org/errata/2004/0012"
              },
              {
                "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=61798"
              },
              {
                "name": "APPLE-SA-2005-08-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
              },
              {
                "name": "oval:org.mitre.oval:def:928",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-03-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "9899",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9899"
            },
            {
              "name": "SSRT4717",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
            },
            {
              "name": "RHSA-2004:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
            },
            {
              "name": "MDKSA-2004:023",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
            },
            {
              "name": "CLA-2004:834",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
            },
            {
              "name": "SCOSA-2004.10",
              "tags": [
                "vendor-advisory",
                "x_refsource_SCO"
              ],
              "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
            },
            {
              "name": "57524",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
            },
            {
              "name": "SuSE-SA:2004:007",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20040317.txt"
            },
            {
              "name": "NetBSD-SA2004-005",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
            },
            {
              "name": "O-101",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
            },
            {
              "name": "TA04-078A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1049",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
            },
            {
              "name": "openssl-kerberos-ciphersuites-dos(15508)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
            },
            {
              "name": "VU#484726",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/484726"
            },
            {
              "name": "GLSA-200403-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:9580",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
            },
            {
              "name": "11139",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11139"
            },
            {
              "name": "RHSA-2004:120",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
            },
            {
              "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
            },
            {
              "name": "APPLE-SA-2005-08-15",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
            },
            {
              "name": "SSA:2004-077",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
            },
            {
              "name": "2004-0012",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://www.trustix.org/errata/2004/0012"
            },
            {
              "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=61798"
            },
            {
              "name": "APPLE-SA-2005-08-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:928",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "9899",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9899"
                },
                {
                  "name": "SSRT4717",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403806509920\u0026w=2"
                },
                {
                  "name": "RHSA-2004:121",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
                },
                {
                  "name": "MDKSA-2004:023",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
                },
                {
                  "name": "CLA-2004:834",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000834"
                },
                {
                  "name": "SCOSA-2004.10",
                  "refsource": "SCO",
                  "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
                },
                {
                  "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
                  "refsource": "MISC",
                  "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
                },
                {
                  "name": "57524",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
                },
                {
                  "name": "SuSE-SA:2004:007",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
                },
                {
                  "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
                  "refsource": "CONFIRM",
                  "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20040317.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20040317.txt"
                },
                {
                  "name": "NetBSD-SA2004-005",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
                },
                {
                  "name": "O-101",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
                },
                {
                  "name": "TA04-078A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:1049",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
                },
                {
                  "name": "openssl-kerberos-ciphersuites-dos(15508)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
                },
                {
                  "name": "VU#484726",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/484726"
                },
                {
                  "name": "GLSA-200403-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
                },
                {
                  "name": "oval:org.mitre.oval:def:9580",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
                },
                {
                  "name": "11139",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11139"
                },
                {
                  "name": "RHSA-2004:120",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
                },
                {
                  "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=107953412903636\u0026w=2"
                },
                {
                  "name": "APPLE-SA-2005-08-15",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
                },
                {
                  "name": "SSA:2004-077",
                  "refsource": "SLACKWARE",
                  "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.455961"
                },
                {
                  "name": "2004-0012",
                  "refsource": "TRUSTIX",
                  "url": "http://www.trustix.org/errata/2004/0012"
                },
                {
                  "name": "20040317 Cisco OpenSSL Implementation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=61798",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=61798"
                },
                {
                  "name": "APPLE-SA-2005-08-17",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:928",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0112",
        "datePublished": "2004-03-18T05:00:00.000Z",
        "dateReserved": "2004-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:10:03.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1004 (GCVE-0-2003-1004)

    Vulnerability from cvelistv5 – Published: 2003-12-17 05:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:35.344Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20031215 Cisco PIX Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-12-17T05:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20031215 Cisco PIX Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20031215 Cisco PIX Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1004",
        "datePublished": "2003-12-17T05:00:00.000Z",
        "dateReserved": "2003-12-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:36.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1003 (GCVE-0-2003-1003)

    Vulnerability from cvelistv5 – Published: 2003-12-17 05:00 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:12:35.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20031215 Cisco PIX Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2003-12-17T05:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20031215 Cisco PIX Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20031215 Cisco PIX Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1003",
        "datePublished": "2003-12-17T05:00:00.000Z",
        "dateReserved": "2003-12-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:22.388Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0851 (GCVE-0-2003-0851)

    Vulnerability from cvelistv5 – Published: 2003-11-06 05:00 – Updated: 2024-08-08 02:05
    VLAI
    Summary
    OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.redhat.com/archives/fedora-announce-li… vendor-advisoryx_refsource_FEDORA
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    http://secunia.com/advisories/17381 third-party-advisoryx_refsource_SECUNIA
    ftp://ftp.netbsd.org/pub/NetBSD/security/advisori… vendor-advisoryx_refsource_NETBSD
    http://www.cisco.com/warp/public/707/cisco-sa-200… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/8970 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=106796246511667&w=2 mailing-listx_refsource_BUGTRAQ
    http://rhn.redhat.com/errata/RHSA-2004-119.html vendor-advisoryx_refsource_REDHAT
    http://www.openssl.org/news/secadv_20031104.txt x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/412478 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=108403850228012&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2003-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:05:12.617Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5528",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
              },
              {
                "name": "FEDORA-2005-1042",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
              },
              {
                "name": "20040304-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
              },
              {
                "name": "17381",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17381"
              },
              {
                "name": "NetBSD-SA2004-003",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_NETBSD",
                  "x_transferred"
                ],
                "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
              },
              {
                "name": "20030930 SSL Implementation Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
              },
              {
                "name": "8970",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8970"
              },
              {
                "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
              },
              {
                "name": "RHSA-2004:119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openssl.org/news/secadv_20031104.txt"
              },
              {
                "name": "VU#412478",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/412478"
              },
              {
                "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5528",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
            },
            {
              "name": "FEDORA-2005-1042",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
            },
            {
              "name": "20040304-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
            },
            {
              "name": "17381",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17381"
            },
            {
              "name": "NetBSD-SA2004-003",
              "tags": [
                "vendor-advisory",
                "x_refsource_NETBSD"
              ],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
            },
            {
              "name": "20030930 SSL Implementation Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
            },
            {
              "name": "8970",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8970"
            },
            {
              "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
            },
            {
              "name": "RHSA-2004:119",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openssl.org/news/secadv_20031104.txt"
            },
            {
              "name": "VU#412478",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/412478"
            },
            {
              "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0851",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5528",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528"
                },
                {
                  "name": "FEDORA-2005-1042",
                  "refsource": "FEDORA",
                  "url": "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html"
                },
                {
                  "name": "20040304-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc"
                },
                {
                  "name": "17381",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17381"
                },
                {
                  "name": "NetBSD-SA2004-003",
                  "refsource": "NETBSD",
                  "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc"
                },
                {
                  "name": "20030930 SSL Implementation Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml"
                },
                {
                  "name": "8970",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8970"
                },
                {
                  "name": "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=106796246511667\u0026w=2"
                },
                {
                  "name": "RHSA-2004:119",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2004-119.html"
                },
                {
                  "name": "http://www.openssl.org/news/secadv_20031104.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.openssl.org/news/secadv_20031104.txt"
                },
                {
                  "name": "VU#412478",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/412478"
                },
                {
                  "name": "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108403850228012\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0851",
        "datePublished": "2003-11-06T05:00:00.000Z",
        "dateReserved": "2003-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:05:12.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-0954 (GCVE-0-2002-0954)

    Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12
    VLAI
    Summary
    The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://marc.info/?l=bugtraq&m=102651159507659&w=2 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-06-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:12:15.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html"
              },
              {
                "name": "20020712 The answer to the PIX encryption issue",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=102651159507659\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-06-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-17T13:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html"
            },
            {
              "name": "20020712 The answer to the PIX encryption issue",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=102651159507659\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-0954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html"
                },
                {
                  "name": "20020712 The answer to the PIX encryption issue",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=102651159507659\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-0954",
        "datePublished": "2002-08-31T04:00:00.000Z",
        "dateReserved": "2002-08-16T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:12:15.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-0613 (GCVE-0-2000-0613)

    Vulnerability from cvelistv5 – Published: 2000-10-13 04:00 – Updated: 2024-08-08 05:21
    VLAI
    Summary
    Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/1457 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/warp/public/707/pixtcpreset-… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/templates/archive.pi… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/1454 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2000-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:21:31.253Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1457",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/1457"
              },
              {
                "name": "20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml"
              },
              {
                "name": "20000320 PIX DMZ Denial of Service - TCP Resets",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=B3D6883199DBD311868100A0C9FC2CDC046B72%40protea.citec.net"
              },
              {
                "name": "1454",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1454"
              },
              {
                "name": "cisco-pix-firewall-tcp(4928)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4928"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-09-02T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1457",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/1457"
            },
            {
              "name": "20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml"
            },
            {
              "name": "20000320 PIX DMZ Denial of Service - TCP Resets",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=B3D6883199DBD311868100A0C9FC2CDC046B72%40protea.citec.net"
            },
            {
              "name": "1454",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1454"
            },
            {
              "name": "cisco-pix-firewall-tcp(4928)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-0613",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1457",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/1457"
                },
                {
                  "name": "20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml"
                },
                {
                  "name": "20000320 PIX DMZ Denial of Service - TCP Resets",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net"
                },
                {
                  "name": "1454",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1454"
                },
                {
                  "name": "cisco-pix-firewall-tcp(4928)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4928"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-0613",
        "datePublished": "2000-10-13T04:00:00.000Z",
        "dateReserved": "2000-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:21:31.253Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }