Search criteria
4 vulnerabilities found for icdn by cisco
VAR-200109-0135
Vulnerability from variot - Updated: 2023-12-18 13:10RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. A vulnerability exists in several versions of RSA's SSL-J Software Development Kit (SDK) that can enable an attacker to bypass SSL client authentication. Under certain conditions, if an error occurs during the SSL client-server handshake, the SSL session key may be stored in a cache rather than being discarded. Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, using a much shorter one. This effectively allows the attacker to fully bypass the client authentication. On systems that rely solely on the authentication mechanism provided by SSL, this could enable an attacker to perform unauthorized actions. Additional technical details are forthcoming
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200109-0135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "icdn",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.1"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0.1"
},
{
"model": "bsafe ssl-j",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "3.0"
},
{
"model": "bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.1"
},
{
"model": "bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0.1"
},
{
"model": "bsafe ssl-j sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "rsa",
"version": "3.0"
},
{
"model": "icdn",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "3329"
},
{
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1105"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Published in a Cisco Systems Security Advisory on September 12, 2001.",
"sources": [
{
"db": "BID",
"id": "3329"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3910",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1105",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1105",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200109-041",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-3910",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2001-1105",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3910"
},
{
"db": "VULMON",
"id": "CVE-2001-1105"
},
{
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. A vulnerability exists in several versions of RSA\u0027s SSL-J Software Development Kit (SDK) that can enable an attacker to bypass SSL client authentication. \nUnder certain conditions, if an error occurs during the SSL client-server handshake, the SSL session key may be stored in a cache rather than being discarded. Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, using a much shorter one. This effectively allows the attacker to fully bypass the client authentication. \nOn systems that rely solely on the authentication mechanism provided by SSL, this could enable an attacker to perform unauthorized actions. \nAdditional technical details are forthcoming",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"db": "BID",
"id": "3329"
},
{
"db": "VULHUB",
"id": "VHN-3910"
},
{
"db": "VULMON",
"id": "CVE-2001-1105"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2001-1105",
"trust": 2.1
},
{
"db": "BID",
"id": "3329",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041",
"trust": 0.7
},
{
"db": "XF",
"id": "7112",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20010912 VULNERABLE SSL IMPLEMENTATION IN ICDN",
"trust": 0.6
},
{
"db": "CIAC",
"id": "L-141",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3910",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2001-1105",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3910"
},
{
"db": "VULMON",
"id": "CVE-2001-1105"
},
{
"db": "BID",
"id": "3329"
},
{
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"id": "VAR-200109-0135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3910"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:10:58.104000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/3329"
},
{
"trust": 1.8,
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"trust": 1.8,
"url": "http://www.cisco.com/warp/public/707/ssl-j-pub.html"
},
{
"trust": 1.8,
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl-j_3.x.securitybulletin.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/7112.php"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html"
},
{
"trust": 0.3,
"url": "http://www.rsa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3910"
},
{
"db": "VULMON",
"id": "CVE-2001-1105"
},
{
"db": "BID",
"id": "3329"
},
{
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-3910"
},
{
"db": "VULMON",
"id": "CVE-2001-1105"
},
{
"db": "BID",
"id": "3329"
},
{
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-3910"
},
{
"date": "2001-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2001-1105"
},
{
"date": "2001-09-12T00:00:00",
"db": "BID",
"id": "3329"
},
{
"date": "2001-09-12T04:00:00",
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"date": "2001-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-3910"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2001-1105"
},
{
"date": "2009-07-11T07:56:00",
"db": "BID",
"id": "3329"
},
{
"date": "2021-11-08T15:48:31.707000",
"db": "NVD",
"id": "CVE-2001-1105"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RSA BSAFE SSL-J Verification bypass vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-041"
}
],
"trust": 0.6
}
}
CVE-2001-1105 (GCVE-0-2001-1105)
Vulnerability from cvelistv5 – Published: 2002-03-15 05:00 – Updated: 2024-08-08 04:44
VLAI?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"name": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html",
"refsource": "CONFIRM",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1105",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1105 (GCVE-0-2001-1105)
Vulnerability from nvd – Published: 2002-03-15 05:00 – Updated: 2024-08-08 04:44
VLAI?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010912 Vulnerable SSL Implementation in iCDN",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"name": "3329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3329"
},
{
"name": "L-141",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"name": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html",
"refsource": "CONFIRM",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"name": "bsafe-ssl-bypass-authentication(7112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1105",
"datePublished": "2002-03-15T05:00:00",
"dateReserved": "2002-03-15T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2001-1105
Vulnerability from fkie_nvd - Published: 2001-09-12 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | icdn | 2.0 | |
| dell | bsafe_ssl-j | 3.0 | |
| dell | bsafe_ssl-j | 3.0.1 | |
| dell | bsafe_ssl-j | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E074F8F9-6997-45FE-8FB9-4A800C896DEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."
}
],
"id": "CVE-2001-1105",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}