CVE-2004-0079

Name: CVE-2004-0079
Creator: NVD / NIST
Published: 2004-11-23T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 9.54%

Last modified Jun 16, 2026

CVE-2004-0079 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.. EPSS estimates a 9.54% chance of exploitation in the next 30 days.

Description

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

9.54%

94.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Cisco	Firewall Services Module	All versions	—
Cisco	Firewall Services Module	1.1.2	—
Cisco	Firewall Services Module	1.1.3	—
Cisco	Firewall Services Module	1.1_\(3.005\)	—
Cisco	Firewall Services Module	2.1_\(0.208\)	—
Hp	Aaa Server	All versions	—
Hp	Apache-Based Web Server	2.0.43.00	—
Hp	Apache-Based Web Server	2.0.43.04	—
Symantec	Clientless Vpn Gateway 4400	5.0	—
Cisco	Ciscoworks Common Management Foundation	2.1	—
Cisco	Ciscoworks Common Services	2.2	—
Avaya	Converged Communications Server	2.0	—
Avaya	Sg200	4.4	—
Avaya	Sg200	4.31.29	—
Avaya	Sg203	4.4	—
Avaya	Sg203	4.31.29	—
Avaya	Sg208	All versions	—
Avaya	Sg208	4.4	—
Avaya	Sg5	4.2	—
Avaya	Sg5	4.3	—
Avaya	Sg5	4.4	—
Apple	Mac Os X	10.3.3	—
Apple	Mac Os X Server	10.3.3	—
Freebsd	Freebsd	4.8	—
Freebsd	Freebsd	4.9	—
Freebsd	Freebsd	5.1	—
Freebsd	Freebsd	5.2	—
Freebsd	Freebsd	5.2.1	Release
Hp	Hp-Ux	8.05	—
Hp	Hp-Ux	11.00	—
Hp	Hp-Ux	11.11	—
Hp	Hp-Ux	11.23	—
Openbsd	Openbsd	3.3	—
Openbsd	Openbsd	3.4	—
Redhat	Enterprise Linux	3.0	—
Redhat	Enterprise Linux Desktop	3.0	—
Redhat	Linux	7.2	—
Redhat	Linux	7.3	—
Redhat	Linux	8.0	—
Sco	Openserver	5.0.6	—
Sco	Openserver	5.0.7	—
Cisco	Ios	12.1\(11\)e	—
Cisco	Ios	12.1\(11b\)e	—
Cisco	Ios	12.1\(11b\)e12	—
Cisco	Ios	12.1\(11b\)e14	—
Cisco	Ios	12.1\(13\)e9	—
Cisco	Ios	12.1\(19\)e1	—
Cisco	Ios	12.2\(14\)sy	—
Cisco	Ios	12.2\(14\)sy1	—
Cisco	Ios	12.2sy	—

Showing 50 of 237 affected configurations. See NVD for the full list.

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.ascBroken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascBroken Link
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834Broken Link
http://docs.info.apple.com/article.html?artnum=61798Broken Link
http://fedoranews.org/updates/FEDORA-2004-095.shtmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlMailing List
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlMailing List
http://lists.apple.com/mhonarc/security-announce/msg00045.htmlBroken Link
http://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing List
http://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing List
http://secunia.com/advisories/11139Broken Link
http://secunia.com/advisories/17381Broken Link
http://secunia.com/advisories/17398Broken Link
http://secunia.com/advisories/17401Broken Link
http://secunia.com/advisories/18247Broken Link
http://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2005-239.htmThird Party Advisory
http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_USBroken Link
http://www.ciac.org/ciac/bulletins/o-101.shtmlBroken Link
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlBroken Link
http://www.debian.org/security/2004/dsa-465Third Party Advisory
http://www.kb.cert.org/vuls/id/288574Third Party Advisory, US Government Resource
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.htmlBroken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023Third Party Advisory
http://www.novell.com/linux/security/advisories/2004_07_openssl.htmlBroken Link
http://www.openssl.org/news/secadv_20040317.txtThird Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.htmlMailing List
http://www.redhat.com/support/errata/RHSA-2004-120.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2004-121.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2004-139.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-829.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-830.htmlBroken Link
http://www.securityfocus.com/bid/9899Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961Broken Link
http://www.trustix.org/errata/2004/0012Broken Link
http://www.uniras.gov.uk/vuls/2004/224012/index.htmBroken Link
http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlBroken Link, Third Party Advisory, US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/15505Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779Broken Link
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.ascBroken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.ascBroken Link
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txtBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834Broken Link
http://docs.info.apple.com/article.html?artnum=61798Broken Link
http://fedoranews.org/updates/FEDORA-2004-095.shtmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.htmlMailing List
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.htmlMailing List
http://lists.apple.com/mhonarc/security-announce/msg00045.htmlBroken Link
http://marc.info/?l=bugtraq&m=107953412903636&w=2Mailing List
http://marc.info/?l=bugtraq&m=108403806509920&w=2Mailing List
http://secunia.com/advisories/11139Broken Link
http://secunia.com/advisories/17381Broken Link
http://secunia.com/advisories/17398Broken Link
http://secunia.com/advisories/17401Broken Link
http://secunia.com/advisories/18247Broken Link
http://security.gentoo.org/glsa/glsa-200403-03.xmlThird Party Advisory
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2005-239.htmThird Party Advisory
http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_USBroken Link
http://www.ciac.org/ciac/bulletins/o-101.shtmlBroken Link
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtmlBroken Link
http://www.debian.org/security/2004/dsa-465Third Party Advisory
http://www.kb.cert.org/vuls/id/288574Third Party Advisory, US Government Resource
http://www.linuxsecurity.com/advisories/engarde_advisory-4135.htmlBroken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2004:023Third Party Advisory
http://www.novell.com/linux/security/advisories/2004_07_openssl.htmlBroken Link
http://www.openssl.org/news/secadv_20040317.txtThird Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.htmlMailing List
http://www.redhat.com/support/errata/RHSA-2004-120.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2004-121.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2004-139.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-829.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-830.htmlBroken Link
http://www.securityfocus.com/bid/9899Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961Broken Link
http://www.trustix.org/errata/2004/0012Broken Link
http://www.uniras.gov.uk/vuls/2004/224012/index.htmBroken Link
http://www.us-cert.gov/cas/techalerts/TA04-078A.htmlBroken Link, Third Party Advisory, US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/15505Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779Broken Link

Timeline

Published: Nov 23, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-0079?

How severe is CVE-2004-0079?

CVE-2004-0079 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 9.54% probability of exploitation in the next 30 days.

How do I fix CVE-2004-0079?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-0079?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST