CVE-2005-2969
Last modified
CVE-2005-2969 is a vulnerability of currently unknown severity. The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. EPSS estimates a 4.87% chance of exploitation in the next 30 days.
Description
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | 0.9.7 |
| OpenSSL | OpenSSL | 0.9.7a |
| OpenSSL | OpenSSL | 0.9.7b |
| OpenSSL | OpenSSL | 0.9.7c |
| OpenSSL | OpenSSL | 0.9.7d |
| OpenSSL | OpenSSL | 0.9.7e |
| OpenSSL | OpenSSL | 0.9.7f |
| OpenSSL | OpenSSL | 0.9.7g |
| OpenSSL | OpenSSL | 0.9.8 |
References
- http://www.openssl.org/news/secadv_20051011.txt (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-800.html (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
