JVNDB-2005-000601
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2014-05-22 18:04Summary
OpenSSL version rollback vulnerability
Details
OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.
RFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.
References
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
"dc:date": "2014-05-22T18:04+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2014-05-22T18:04+09:00",
"description": "OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.\r\n\r\nRFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"@product": "Cosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
"@product": "Cosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"@product": "Cosminexus Application Server Version 5",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"@product": "Cosminexus Developer Light Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"@product": "Cosminexus Developer Professional Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"@product": "Cosminexus Developer Standard Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
"@product": "Cosminexus Developer Version 5",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
"@product": "Cosminexus Server - Enterprise Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
"@product": "Cosminexus Server - Standard Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
"@product": "Cosminexus Server - Standard Edition Version 4",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
"@product": "Cosminexus Server - Web Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
"@product": "Cosminexus Server - Web Edition Version 4",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"@product": "uCosminexus Application Server Smart Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_light",
"@product": "uCosminexus Developer Light",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:openssl:openssl",
"@product": "OpenSSL",
"@vendor": "OpenSSL Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
"@product": "InterScan Messaging Security Suite",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_viruswall",
"@product": "TrendMicro InterScan VirusWall",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_suite",
"@product": "TrendMicro InterScan Web Security Suite",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:fujitsu:fmse-c301",
"@product": "FMSE-C301",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/h:fujitsu:ipcom",
"@product": "IPCOM Series",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
"@product": "Turbolinux Appliance Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_wizpy",
"@product": "wizpy",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000601",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23632449/index.html",
"@id": "JVN#23632449",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
"@id": "CVE-2005-2969",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969",
"@id": "CVE-2005-2969",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/17151/",
"@id": "SA17151",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/15071",
"@id": "15071",
"@source": "BID"
},
{
"#text": "http://www.securiteam.com/securitynews/6Y00D0AEBW.html",
"@id": "6Y00D0AEBW",
"@source": "SECTEAM"
},
{
"#text": "http://www.frsirt.com/english/advisories/2005/2036",
"@id": "FrSIRT/ADV-2005-2036",
"@source": "FRSIRT"
}
],
"title": "OpenSSL version rollback vulnerability"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…