OpenSSL Vulnerability in Multiple Versions Leading to DoS Attack
CVE-2004-0079

7.5HIGH

Key Information:

Vendor
Cisco
Status
Firewall Services Module
Clientless Vpn Gateway 4400
Apache-based Web Server
Aaa Server
Vendor
CVE Published:
23 November 2004

Summary

The vulnerability in OpenSSL allows remote attackers to craft a malicious SSL/TLS handshake request that triggers a null dereference in the do_change_cipher_spec function, leading to a denial of service by crashing the application. This affects multiple versions of OpenSSL and underscores the importance of timely updates to prevent potential attacks.

References

http://www.securityfocus.com/bid/9899
vdb-entryx_refsource_BID
http://www.redhat.com/archives/fedora-announce-list/2005-...
vendor-advisoryx_refsource_FEDORA
http://www.linuxsecurity.com/advisories/engarde_advisory-...
vendor-advisoryx_refsource_ENGARDE

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.