CVE Vulnerabilities

CVE-2005-2969

Published: Oct 18, 2005 | Modified: May 03, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N)

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Affected Software

Name     Vendor   Start Version  End Version
Openssl  Openssl  0.9.7c         0.9.7c
Openssl  Openssl  0.9.7g         0.9.7g
Openssl  Openssl  0.9.7d         0.9.7d
Openssl  Openssl  0.9.7          0.9.7
Openssl  Openssl  0.9.7e         0.9.7e
Openssl  Openssl  0.9.7b         0.9.7b
Openssl  Openssl  0.9.8          0.9.8
Openssl  Openssl  0.9.7a         0.9.7a
Openssl  Openssl  0.9.7f         0.9.7f

References