Vulnerability Name:

CCN-13322

Published:2003-09-30
Updated:2003-09-30
Summary:OpenSSL, as used on various servers, fails to properly parse client certificates. Even if a client certificate is not requested, a vulnerable server will parse one. A remote attacker could use this vulnerability to launch attacks against vulnerable servers.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences:Other
References:Source: CCN
Type: Sun Alert ID: 57100
Sun Linux Multiple Security Vulnerabilities in OpenSSL

Source: CCN
Type: Sun Alert ID: 57444
Sun Grid Engine 5.3 Software May Experience Security Vulnerabilities in OpenSSL

Source: CCN
Type: Novell Technical Information Document TID10087450
Regarding NISCC vulnerability advisory on SSL (secure sockets layer) and TLS -

Source: CCN
Type: CERT Advisory CA-2003-26
Multiple Vulnerabilities in SSL/TLS Implementations

Source: CCN
Type: CIAC Information Bulletin N-159
OpenSSL Security Vulnerabilities in ASN.1 parsing

Source: CCN
Type: cisco-sa-20030930-ssl
Cisco Security Advisory: SSL Implementation Vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS03-007
Multiple Vulnerabilities in SSL/TLS Implementations

Source: CCN
Type: US-CERT VU#732952
OpenSSL accepts unsolicited client certificate messages

Source: CCN
Type: OpenSSL Security Advisory [30 September 2003]
Vulnerabilities in ASN.1 parsing

Source: XF
Type: UNKNOWN
openssl-improper-certificate-parsing(13322)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2sx:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2sy:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:firewall_services_module:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/a:cisco:pix_firewall:*:*:*:*:*:*:*:*
  • OR cpe:/h:sun:cobalt_raq_4:*:*:*:*:*:*:*:*
  • OR cpe:/h:sun:cobalt_raq_xtr:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ciscoworks_1105_hosting_solution_engine:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ciscoworks_1105_wireless_lan_solution_engine:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1(11)e:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:network_analysis_module:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:threat_response:*:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:application_and_content_networking_software:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:sn_5428_storage_router:-:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_management_foundation:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    openssl openssl 0.9.6i
    cisco ios 12.2sx
    cisco ios 12.2sy
    openssl openssl 0.9.6a
    openssl openssl 0.9.6
    openssl openssl 0.9.6 beta1
    openssl openssl 0.9.6 beta2
    openssl openssl 0.9.6 beta3
    openssl openssl 0.9.6a beta1
    openssl openssl 0.9.6a beta2
    openssl openssl 0.9.6a beta3
    openssl openssl 0.9.6b
    openssl openssl 0.9.6c
    openssl openssl 0.9.6d
    openssl openssl 0.9.6e
    openssl openssl 0.9.6f
    openssl openssl 0.9.6g
    openssl openssl 0.9.6h
    openssl openssl 0.9.6j
    openssl openssl 0.9.7 beta1
    openssl openssl 0.9.7 beta2
    openssl openssl 0.9.7 beta3
    openssl openssl 0.9.7 beta4
    openssl openssl 0.9.7 beta5
    openssl openssl 0.9.7 beta6
    cisco firewall services module *
    sun solaris 8
    cisco pix firewall *
    sun cobalt raq 4 *
    sun cobalt raq xtr *
    sun solaris 9
    cisco content services switch 11000 *
    openpkg openpkg current
    openpkg openpkg 1.2
    openssl openssl 0.9.7a
    openssl openssl 0.9.7
    openpkg openpkg 1.3
    cisco ciscoworks 1105 hosting solution engine *
    cisco ciscoworks 1105 wireless lan solution engine *
    cisco ios 12.1(11)e
    cisco network analysis module *
    cisco threat response *
    cisco application and content networking software *
    cisco sn 5428 storage router -
    cisco ciscoworks common management foundation -