Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2004-0079

Disclosure Date: November 23, 2004
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • 4d,
  • apple,
  • avaya,
  • bluecoat,
  • checkpoint,
  • cisco,
  • dell,
  • freebsd,
  • hp,
  • lite,
  • neoteris,
  • novell,
  • openbsd,
  • openssl,
  • redhat,
  • sco,
  • securecomputing,
  • sgi,
  • stonesoft,
  • sun,
  • symantec,
  • tarantella,
  • vmware

Products

  • aaa server,
  • access registrar,
  • apache-based web server 2.0.43.00,
  • apache-based web server 2.0.43.04,
  • application and content networking software,
  • bsafe ssl-j 3.0,
  • bsafe ssl-j 3.0.1,
  • bsafe ssl-j 3.1,
  • cacheos ca sa 4.1.10,
  • cacheos ca sa 4.1.12,
  • call manager,
  • ciscoworks common management foundation 2.1,
  • ciscoworks common services 2.2,
  • clientless vpn gateway 4400 5.0,
  • content services switch 11500,
  • converged communications server 2.0,
  • crypto accelerator 4000 1.0,
  • css secure content accelerator 1.0,
  • css secure content accelerator 2.0,
  • css11000 content services switch,
  • edirectory 8.0,
  • edirectory 8.5,
  • edirectory 8.5.12a,
  • edirectory 8.5.27,
  • edirectory 8.6.2,
  • edirectory 8.7,
  • edirectory 8.7.1,
  • enterprise linux 3.0,
  • enterprise linux desktop 3.0,
  • firewall services module,
  • firewall services module 1.1 (3.005),
  • firewall services module 1.1.2,
  • firewall services module 1.1.3,
  • firewall services module 2.1 (0.208),
  • firewall-1,
  • firewall-1 2.0,
  • firewall-1 next generation fp0,
  • firewall-1 next generation fp1,
  • firewall-1 next generation fp2,
  • freebsd 4.8,
  • freebsd 4.9,
  • freebsd 5.1,
  • freebsd 5.2,
  • freebsd 5.2.1,
  • gss 4480 global site selector,
  • gss 4490 global site selector,
  • gsx server 2.0,
  • gsx server 2.0.1 build 2129,
  • gsx server 2.5.1,
  • gsx server 2.5.1 build 5336,
  • gsx server 3.0 build 7592,
  • hp-ux 11.00,
  • hp-ux 11.11,
  • hp-ux 11.23,
  • hp-ux 8.05,
  • imanager 1.5,
  • imanager 2.0,
  • instant virtual extranet 3.0,
  • instant virtual extranet 3.1,
  • instant virtual extranet 3.2,
  • instant virtual extranet 3.3,
  • instant virtual extranet 3.3.1,
  • intuity audix,
  • intuity audix 5.1.46,
  • intuity audix s3210,
  • intuity audix s3400,
  • ios 12.1(11)e,
  • ios 12.1(11b)e,
  • ios 12.1(11b)e12,
  • ios 12.1(11b)e14,
  • ios 12.1(13)e9,
  • ios 12.1(19)e1,
  • ios 12.2(14)sy,
  • ios 12.2(14)sy1,
  • ios 12.2sy,
  • ios 12.2za,
  • linux 7.2,
  • linux 7.3,
  • linux 8.0,
  • mac os x 10.3.3,
  • mac os x server 10.3.3,
  • mds 9000,
  • okena stormwatch 3.2,
  • openbsd 3.3,
  • openbsd 3.4,
  • openserver 5.0.6,
  • openserver 5.0.7,
  • openssl 0.9.6-15,
  • openssl 0.9.6b-3,
  • openssl 0.9.6c,
  • openssl 0.9.6d,
  • openssl 0.9.6e,
  • openssl 0.9.6f,
  • openssl 0.9.6g,
  • openssl 0.9.6h,
  • openssl 0.9.6i,
  • openssl 0.9.6j,
  • openssl 0.9.6k,
  • openssl 0.9.7,
  • openssl 0.9.7a,
  • openssl 0.9.7a-2,
  • openssl 0.9.7b,
  • openssl 0.9.7c,
  • pix firewall 6.2.2 .111,
  • pix firewall software 6.0,
  • pix firewall software 6.0(1),
  • pix firewall software 6.0(2),
  • pix firewall software 6.0(3),
  • pix firewall software 6.0(4),
  • pix firewall software 6.0(4.101),
  • pix firewall software 6.1,
  • pix firewall software 6.1(1),
  • pix firewall software 6.1(2),
  • pix firewall software 6.1(3),
  • pix firewall software 6.1(4),
  • pix firewall software 6.1(5),
  • pix firewall software 6.2,
  • pix firewall software 6.2(1),
  • pix firewall software 6.2(2),
  • pix firewall software 6.2(3),
  • pix firewall software 6.2(3.100),
  • pix firewall software 6.3,
  • pix firewall software 6.3(1),
  • pix firewall software 6.3(2),
  • pix firewall software 6.3(3.102),
  • pix firewall software 6.3(3.109),
  • propack 2.3,
  • propack 2.4,
  • propack 3.0,
  • provider-1 4.1,
  • proxysg,
  • s8300 r2.0.0,
  • s8300 r2.0.1,
  • s8500 r2.0.0,
  • s8500 r2.0.1,
  • s8700 r2.0.0,
  • s8700 r2.0.1,
  • secure content accelerator 10000,
  • servercluster 2.5,
  • servercluster 2.5.2,
  • sg200 4.31.29,
  • sg200 4.4,
  • sg203 4.31.29,
  • sg203 4.4,
  • sg208,
  • sg208 4.4,
  • sg5 4.2,
  • sg5 4.3,
  • sg5 4.4,
  • sidewinder 5.2,
  • sidewinder 5.2.0.01,
  • sidewinder 5.2.0.02,
  • sidewinder 5.2.0.03,
  • sidewinder 5.2.0.04,
  • sidewinder 5.2.1,
  • sidewinder 5.2.1.02,
  • speed technologies litespeed web server 1.0.1,
  • speed technologies litespeed web server 1.0.2,
  • speed technologies litespeed web server 1.0.3,
  • speed technologies litespeed web server 1.1,
  • speed technologies litespeed web server 1.1.1,
  • speed technologies litespeed web server 1.2 rc1,
  • speed technologies litespeed web server 1.2 rc2,
  • speed technologies litespeed web server 1.2.1,
  • speed technologies litespeed web server 1.2.2,
  • speed technologies litespeed web server 1.3,
  • speed technologies litespeed web server 1.3 rc1,
  • speed technologies litespeed web server 1.3 rc2,
  • speed technologies litespeed web server 1.3 rc3,
  • speed technologies litespeed web server 1.3.1,
  • stonebeat fullcluster 1 2.0,
  • stonebeat fullcluster 1 3.0,
  • stonebeat fullcluster 2.0,
  • stonebeat fullcluster 2.5,
  • stonebeat fullcluster 3.0,
  • stonebeat securitycluster 2.0,
  • stonebeat securitycluster 2.5,
  • stonebeat webcluster 2.0,
  • stonebeat webcluster 2.5,
  • stonegate 1.5.17,
  • stonegate 1.5.18,
  • stonegate 1.6.2,
  • stonegate 1.6.3,
  • stonegate 1.7,
  • stonegate 1.7.1,
  • stonegate 1.7.2,
  • stonegate 2.0.1,
  • stonegate 2.0.4,
  • stonegate 2.0.5,
  • stonegate 2.0.6,
  • stonegate 2.0.7,
  • stonegate 2.0.8,
  • stonegate 2.0.9,
  • stonegate 2.1,
  • stonegate 2.2,
  • stonegate 2.2.1,
  • stonegate 2.2.4,
  • stonegate vpn client 1.7,
  • stonegate vpn client 1.7.2,
  • stonegate vpn client 2.0,
  • stonegate vpn client 2.0.7,
  • stonegate vpn client 2.0.8,
  • stonegate vpn client 2.0.9,
  • tarantella enterprise 3.20,
  • tarantella enterprise 3.30,
  • tarantella enterprise 3.40,
  • threat response,
  • vpn-1 next generation fp0,
  • vpn-1 next generation fp1,
  • vpn-1 next generation fp2,
  • vpn-1 vsx ng with application intelligence,
  • vsu 100 r2.0.1,
  • vsu 10000 r2.0.1,
  • vsu 2000 r2.0.1,
  • vsu 5,
  • vsu 500,
  • vsu 5000 r2.0.1,
  • vsu 5x,
  • vsu 7500 r2.0.1,
  • wbem a.01.05.08,
  • wbem a.02.00.00,
  • wbem a.02.00.01,
  • webns 6.10,
  • webns 6.10 b4,
  • webns 7.1 0.1.02,
  • webns 7.1 0.2.06,
  • webns 7.10,
  • webns 7.10 .0.06s,
  • webns 7.2 0.0.03,
  • webstar 4.0,
  • webstar 5.2,
  • webstar 5.2.1,
  • webstar 5.2.2,
  • webstar 5.2.3,
  • webstar 5.2.4,
  • webstar 5.3,
  • webstar 5.3.1

References

Advisory

Additional Info

Technical Analysis