Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:465542
HistoryMar 17, 2004 - 12:00 a.m.

OpenSSL does not properly handle unknown message types

2004-03-1700:00:00
www.kb.cert.org
26

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.9%

JSON

Overview

OpenSSL does not properly handle unknown message types, allowing an unauthenticated, remote attacker to cause a denial of service. This vulnerability was addressed in OpenSSL 0.9.6d and 0.9.7.

Description

OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.

OpenSSL prior to version 0.9.6d does not properly handle unknown message types. An attacker could cause the application using OpenSSL to enter an infinite loop, resulting in a denial of service.

Further information is available in NISCC/224012/OpenSSL/3.

Impact

An unauthenticated, remote attacker could cause a denial of service in an application that uses OpenSSL.

Solution

Upgrade or Patch
This vulnerability was addressed in OpenSSL versions 0.9.6d and 0.9.7. Upgrade to OpenSSL version 0.9.6d or 0.9.7 greater. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.

Vendor Information

465542

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Cisco Systems Inc. __ Affected

Notified: March 17, 2004 Updated: March 18, 2004

Status

Affected

Vendor Statement

Our Security Advisory for this issue is posted at

<http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Debian __ Affected

Notified: March 17, 2004 Updated: March 18, 2004

Status

Affected

Vendor Statement

We have addressed CAN-2004-0079 and CAN-2004-0081 in DSA-456. CAN-2004-0112 does not affect our stable release.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Gentoo Linux __ Affected

Updated: March 18, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see GLSA 200403-03.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Guardian Digital Inc. __ Affected

Notified: March 17, 2004 Updated: March 18, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see ESA-20040317-003.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

NetScreen __ Affected

Notified: March 17, 2004 Updated: March 18, 2004

Status

Affected

Vendor Statement

We were given advance notification of this issue by NISCC and have patches available today. We have an advisory published on our website at the following URL:

<http://www.netscreen.com/services/security/alerts/adv58466-signed.txt&gt;

Here are the details from the advisory:

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered an infinite loop (CAN-2004-0081) which a remote attacker may be able to exploit causing the application to become unresponsive. This issue affects the NetScreen IVE platform. All other NetScreen products are immune to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

OpenSSL __ Affected

Updated: March 17, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

This vulnerability was addressed in OpenSSL 0.9.6d.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Red Hat Inc. __ Affected

Notified: March 17, 2004 Updated: March 18, 2004

Status

Affected

Vendor Statement

Red Hat distributes various versions of OpenSSL in Red Hat Linux, Red Hat Enterprise Linux, and Stronghold distributions. Updated packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.

Red Hat Linux 9:

<http://rhn.redhat.com/errata/RHSA-2004-121.html&gt;Red Hat Enterprise Linux:

<http://rhn.redhat.com/errata/RHSA-2004-120.html&gt;Stronghold 4 (Cross-platform):

<http://rhn.redhat.com/errata/RHSA-2004-139.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see RHSA-2004:119, RHSA-2004:120, RHSA-2004:121, and RHSA-2004:139.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Apple Computer Inc. __ Not Affected

Notified: March 17, 2004 Updated: May 06, 2005

Status

Not Affected

Vendor Statement

Mac OS X 10.2, Mac OS X Server 10.2, and later do not contain this issue as the vulnerable versions of OpenSSL were not distributed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

3Com Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

AT&T Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Alcatel Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Apache Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Apache-SSL Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Avaya Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Borderware Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Certicom Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Check Point Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Clavister Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Computer Associates Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Conectiva Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Covalent Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Cray Inc. Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

D-Link Systems Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Dan Bernstein Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

EMC Corporation Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Extreme Networks Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

F-Secure Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

F5 Networks Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Foundry Networks Inc. Unknown

Notified: March 17, 2004 Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

FreeBSD Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

FreeS/WAN Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Fujitsu Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Global Technology Associates Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Hewlett-Packard Company Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Hitachi Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

IBM Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

IP Filter Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Ingrian Networks Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Intel Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Internet Initiative Japan (IIJ) Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Intoto Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Juniper Networks Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

KAME Project Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Linksys Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Lotus Software Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Lucent Technologies Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Lucent Technologies Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

MandrakeSoft Unknown

Notified: March 17, 2004 Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Microsoft Corporation Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

MontaVista Software Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Multi-Tech Systems Inc. Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

NEC Corporation Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

National Center for Supercomputing Applications (NCSA) Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

National Institute of Standards and Technology (NIST) Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

NetBSD Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Netfilter Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Network Appliance Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Network Associates Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Nokia Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Nortel Networks Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Novell Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

OpenBSD Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Openwall GNU/*/Linux Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Redback Networks Inc. Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Riverstone Networks Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

SCO Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

SGI Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

SSH Communications Security Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

SafeNet Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Secure Computing Corporation Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

SecureWorx Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Sony Corporation Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Stonesoft Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

SuSE Inc. Unknown

Notified: March 17, 2004 Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Sun Microsystems Inc. __ Unknown

Notified: March 17, 2004 Updated: March 18, 2004

Status

Unknown

Vendor Statement

The Solaris Operating System has been determined not to be vulnerable to these issues. Sun is currently investigating the possible impact of these vulnerabilities to other Sun products which utilize the SSL protocol.

Please refer to the link below for further details and updates:

<http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57524&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Sun Alert Notification 57524.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Symantec Corporation Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

TurboLinux Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Unisys Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

WatchGuard Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Wind River Systems Inc. Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

Wirex Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

ZyXEL Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

eSoft Unknown

Updated: March 18, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23465542 Feedback>).

View all 83 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by the OpenSSL Project and the U.K. National Infrastructure Security Co-ordination Centre (NISCC).

This document was written by Damon Morda and Art Manion.

Other Information

CVE IDs: CVE-2004-0081
Severity Metric: 5.16 Date Public:

Related

redhat 4
cisco 1
nessus 34
openvas 20
securityvulns 2
f5 1
cert 2
gentoo 1
nvd 4
cvelist 4
cve 4
debian 1
osv 1
slackware 1
redhatcve 1
suse 1
altlinux 3
freebsd_advisory 1
ubuntucve 1
debiancve 3
centos 1
freebsd 1
openssl 3
oraclelinux 3
redhat
redhat
(RHSA-2004:120) openssl security update
2004-05-21 00:00:00
(RHSA-2005:830) openssl096b security update
2005-11-02 00:00:00
(RHSA-2005:829) openssl security update
2005-11-02 00:00:00
cisco
cisco
Cisco OpenSSL Implementation Vulnerability
2004-03-17 13:00:00
nessus
nessus
RHEL 3 : openssl (RHSA-2004:120)
2004-07-06 00:00:00
OpenSSL < 0.9.6m / 0.9.7d Multiple Remote DoS
2004-03-17 00:00:00
GLSA-200403-03 : Multiple OpenSSL Vulnerabilities
2004-08-30 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200403-03 (OpenSSL)
2008-09-24 00:00:00
HP-UX Update for AAA Server HPSBUX01011
2009-05-05 00:00:00
HP-UX Update for AAA Server HPSBUX01011
2009-05-05 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA04-078A -- Multiple Vulnerabilities in OpenSSL
2004-03-19 00:00:00
OpenSSL Security Advisory [17 March 2004]
2004-03-17 00:00:00
f5
f5
Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112
2004-02-23 04:00:00
cert
cert
OpenSSL contains null-pointer assignment in do_change_cipher_spec() function
2004-03-17 00:00:00
OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake
2004-03-17 00:00:00
gentoo
gentoo
Multiple OpenSSL Vulnerabilities
2004-03-17 00:00:00
nvd
nvd
CVE-2005-1730
2005-12-31 05:00:00
CVE-2004-0079
2004-11-23 05:00:00
CVE-2004-0112
2004-11-23 05:00:00
cvelist
cvelist
CVE-2005-1730
2007-03-03 23:00:00
CVE-2004-0079
2004-03-18 05:00:00
CVE-2004-0081
2004-03-18 05:00:00
cve
cve
CVE-2005-1730
2007-03-03 23:00:00
CVE-2004-0081
2004-11-23 05:00:00
CVE-2004-0079
2004-11-23 05:00:00
debian
debian
[SECURITY] [DSA 465-1] New openssl packages fix multiple vulnerabilities
2004-03-17 20:14:05
osv
osv
openssl - several vulnerabilities
2004-03-17 00:00:00
slackware
slackware
OpenSSL security update
2004-03-17 17:34:04
redhatcve
redhatcve
CVE-2005-1730
2015-10-30 10:15:31
suse
suse
remote denial-of-service in openssl
2004-03-17 13:37:40
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 0.9.6l-alt2
2004-03-17 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.6l-alt2
2004-03-17 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.6l-alt2
2004-03-17 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-04:05.openssl
2004-03-17 00:00:00
ubuntucve
ubuntucve
CVE-2004-0079
2004-11-23 00:00:00
debiancve
debiancve
CVE-2004-0081
2004-11-23 05:00:00
CVE-2004-0079
2004-11-23 05:00:00
CVE-2004-0112
2004-11-23 05:00:00
centos
centos
openssl, openssl095a, openssl096 security update
2005-11-03 05:24:10
freebsd
freebsd
OpenSSL ChangeCipherSpec denial-of-service vulnerability
2004-03-17 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2004-0079
2004-03-17 00:00:00
Vulnerability in OpenSSL CVE-2004-0081
2004-03-17 00:00:00
Vulnerability in OpenSSL CVE-2004-0112
2004-03-17 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.006 Low

EPSS

Percentile

77.9%

JSON
Related for VU:465542
redhat4cisco1nessus34openvas20securityvulns2f51cert2gentoo1nvd4cvelist4cve4debian1osv1slackware1redhatcve1suse1altlinux3freebsd_advisory1ubuntucve1debiancve3centos1freebsd1openssl3oraclelinux3