CVE-2004-0081
Severity: Unknown | EPSS 7.23%
Last modified
CVE-2004-0081 is a vulnerability of currently unknown severity. OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. EPSS estimates a 7.23% chance of exploitation in the next 30 days.
Description
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Firewall Services Module | All versions | — |
| Cisco | Firewall Services Module | 1.1.2 | — |
| Cisco | Firewall Services Module | 1.1.3 | — |
| Cisco | Firewall Services Module | 1.1_(3.005) | — |
| Cisco | Firewall Services Module | 2.1_(0.208) | — |
| HP | AAA Server | All versions | — |
| HP | Apache-Based Web Server | 2.0.43.00 | — |
| HP | Apache-Based Web Server | 2.0.43.04 | — |
| Symantec | Clientless VPN Gateway 4400 | 5.0 | — |
| Cisco | CiscoWorks Common Management Foundation | 2.1 | — |
| Cisco | CiscoWorks Common Services | 2.2 | — |
| Avaya | Converged Communications Server | 2.0 | — |
| Avaya | SG200 | 4.4 | — |
| Avaya | SG200 | 4.31.29 | — |
| Avaya | SG203 | 4.4 | — |
| Avaya | SG203 | 4.31.29 | — |
| Avaya | SG208 | All versions | — |
| Avaya | SG208 | 4.4 | — |
| Avaya | SG5 | 4.2 | — |
| Avaya | SG5 | 4.3 | — |
| Avaya | SG5 | 4.4 | — |
| Apple | Mac OS X | 10.3.3 | — |
| Apple | Mac OS X Server | 10.3.3 | — |
| FreeBSD | FreeBSD | 4.8 | — |
| FreeBSD | FreeBSD | 4.9 | — |
| FreeBSD | FreeBSD | 5.1 | — |
| FreeBSD | FreeBSD | 5.2 | — |
| FreeBSD | FreeBSD | 5.2.1 | Release |
| HP | HP-UX | 8.05 | — |
| HP | HP-UX | 11.00 | — |
| HP | HP-UX | 11.11 | — |
| HP | HP-UX | 11.23 | — |
| OpenBSD | OpenBSD | 3.3 | — |
| OpenBSD | OpenBSD | 3.4 | — |
| Red Hat | Enterprise Linux | 3.0 | — |
| Red Hat | Enterprise Linux Desktop | 3.0 | — |
| Red Hat | Linux | 7.2 | — |
| Red Hat | Linux | 7.3 | — |
| Red Hat | Linux | 8.0 | — |
| SCO | OpenServer | 5.0.6 | — |
| SCO | OpenServer | 5.0.7 | — |
| Cisco | IOS | 12.1(11)e | — |
| Cisco | IOS | 12.1(11b)e | — |
| Cisco | IOS | 12.1(11b)e12 | — |
| Cisco | IOS | 12.1(11b)e14 | — |
| Cisco | IOS | 12.1(13)e9 | — |
| Cisco | IOS | 12.1(19)e1 | — |
| Cisco | IOS | 12.2(14)sy | — |
| Cisco | IOS | 12.2(14)sy1 | — |
| Cisco | IOS | 12.2sy | — |
Showing 50 of 237 affected configurations. See NVD for the full list.
References
- http://www.kb.cert.org/vuls/id/465542 (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/9899 (Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA04-078A.html (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-0081?
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
How severe is CVE-2004-0081?
Severity scoring for CVE-2004-0081 is pending analysis. The EPSS model estimates a 7.23% probability of exploitation in the next 30 days.
How do I fix CVE-2004-0081?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
