Denial of Service Vulnerability in OpenSSL by OpenSSL Software Foundation
CVE-2004-0081

Currently unrated

Key Information:

Vendor
Cisco
CVE Published:
23 November 2004

Summary

OpenSSL versions prior to 0.9.6d contain a flaw in the handling of unknown message types, potentially allowing a remote attacker to create conditions that result in an infinite loop, leading to a denial of service. This vulnerability can be exploited using various tools, including the Codenomicon TLS Test Tool, which can trigger the loop and incapacitate the service. Updating to the latest version is crucial to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved