Vulnerability Name: CVE-2005-2969 (CCN-22559) Assigned: 2005-10-11 Published: 2005-10-11 Updated: 2018-05-03 Summary: The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N )4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N )3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-Other Vulnerability Consequences: Data Manipulation References: Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-05:21Potential SSL 2.0 rollback Source: MISC Type: UNKNOWNftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf Source: CCN Type: BugTraq Mailing List, Fri Feb 10 2006 - 07:01:33 CST[security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol Source: MITRE Type: CNACVE-2005-2969 Source: APPLE Type: UNKNOWNAPPLE-SA-2005-11-29 Source: HP Type: UNKNOWNHPSBUX02174 Source: HP Type: UNKNOWNSSRT071299 Source: TRUSTIX Type: UNKNOWNTSLSA-2005-0059 Source: CCN Type: RHSA-2005-800openssl security update Source: CCN Type: RHSA-2008-0264Moderate: Red Hat Network Satellite Server Solaris client security update Source: CCN Type: RHSA-2008-0525Moderate: Red Hat Network Satellite Server Solaris client security update Source: CCN Type: RHSA-2008-0629Moderate: Red Hat Network Satellite Server Solaris client security update Source: SECUNIA Type: UNKNOWN17146 Source: CCN Type: SA17151OpenSSL Potential SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN17151 Source: SECUNIA Type: UNKNOWN17153 Source: CCN Type: SA17169Sun Solaris OpenSSL SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN17169 Source: SECUNIA Type: UNKNOWN17178 Source: SECUNIA Type: UNKNOWN17180 Source: SECUNIA Type: UNKNOWN17189 Source: SECUNIA Type: UNKNOWN17191 Source: SECUNIA Type: UNKNOWN17210 Source: SECUNIA Type: UNKNOWN17259 Source: SECUNIA Type: UNKNOWN17288 Source: SECUNIA Type: UNKNOWN17335 Source: SECUNIA Type: UNKNOWN17344 Source: CCN Type: SA17389NetBSD Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN17389 Source: CCN Type: SA17409Serv-U FTP Server Potential Denial of Service Vulnerability Source: SECUNIA Type: UNKNOWN17409 Source: CCN Type: SA17432Blue Coat Products OpenSSL SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN17432 Source: CCN Type: SA17466Astaro WebAdmin SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN17466 Source: SECUNIA Type: UNKNOWN17589 Source: CCN Type: SA17617Astaro Security Linux ISAKMP and SSL 2.0 Rollback Vulnerabilities Source: SECUNIA Type: UNKNOWN17617 Source: CCN Type: SA17632Astaro WebAdmin SSL 2.0 Rollback and PPTP Denial of Service Source: SECUNIA Type: UNKNOWN17632 Source: CCN Type: SA17813Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN17813 Source: CCN Type: SA17888Cisco Products OpenSSL Potential SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN17888 Source: CCN Type: SA18045HP Web-Enabled Management Software Potential SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN18045 Source: CCN Type: SA18123Juniper IVE OS Potential SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN18123 Source: CCN Type: SA18165IBM HMC OpenSSL Vulnerabilities Source: SECUNIA Type: UNKNOWN18165 Source: CCN Type: SA18663Avaya Intuity Audix OpenSSL Potential SSL 2.0 Rollback Source: SECUNIA Type: UNKNOWN18663 Source: SECUNIA Type: UNKNOWN19185 Source: CCN Type: SA21827IBM Director OpenSSL Potential SSL 2.0 Rollback Vulnerability Source: SECUNIA Type: UNKNOWN21827 Source: SECUNIA Type: UNKNOWN23280 Source: CCN Type: SA23340Avaya PDS HP-UX Secure Shell / OpenSSL Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN23340 Source: CCN Type: SA23843Hitachi Web Server Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN23843 Source: SECUNIA Type: UNKNOWN23915 Source: CCN Type: SA25973Hitachi JP1/HiCommand Series Two Vulnerabilities Source: SECUNIA Type: UNKNOWN25973 Source: CCN Type: SA26893rPath update for openssl Source: SECUNIA Type: UNKNOWN26893 Source: SECUNIA Type: UNKNOWN31492 Source: CCN Type: SECTRACK ID: 1015032OpenSSL SSL_OP_MSIE_SSLV2_RSA_PADDING Option May Let Remote Users Rollback the Protocol Version Source: SECTRACK Type: UNKNOWN1015032 Source: SUNALERT Type: UNKNOWN101974 Source: CONFIRM Type: UNKNOWNhttp://support.avaya.com/elmodocs2/security/ASA-2006-031.htm Source: CCN Type: ASA-2006-031OpenSSL Potential SSL 2.0 Rollback Vulnerability (SCOSA-2005.48) Source: CONFIRM Type: UNKNOWNhttp://support.avaya.com/elmodocs2/security/ASA-2006-260.htm Source: CCN Type: ASA-2006-260HP-UX OpenSSL Denial of Service (DoS) Increase Privilege (HPSBUX02174) Source: CCN Type: ASA-2007-018HP-UX Apache Remote Execution of Arbitrary Code Denial of Service (DoS) and Unauthorized Access (HPSBUX02186) Source: CCN Type: IBM Support & downloadsFixes to leap second handling, new DST time and openssl for Power4 HMC V3R3.6 (Doc Number=2312) Source: MISC Type: UNKNOWNhttp://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 Source: CCN Type: Blue Coat Web siteOpenSSL 2.0 Rollback Vulnerability CAN-2005-2969 Source: CCN Type: Cisco Security Notice 68324Response to OpenSSL - Potential SSL 2.0 Rollback Source: CISCO Type: UNKNOWN20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback Source: DEBIAN Type: UNKNOWNDSA-875 Source: DEBIAN Type: UNKNOWNDSA-881 Source: DEBIAN Type: UNKNOWNDSA-882 Source: DEBIAN Type: DSA-875openssl094 -- cryptographic weakness Source: DEBIAN Type: DSA-881openssl096 -- cryptographic weakness Source: DEBIAN Type: DSA-882openssl095 -- cryptographic weakness Source: DEBIAN Type: DSA-888openssl -- cryptographic weakness Source: CCN Type: GLSA-200510-11OpenSSL: SSL 2.0 protocol rollback Source: CONFIRM Type: UNKNOWNhttp://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html Source: CONFIRM Type: UNKNOWNhttp://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html Source: CCN Type: IBM Security Bulletin 1693035Multiple vulnerabilities in AppScan Enterprise (CVE-2014-6135, CVE-2014-6119, CVE-2014-6122, CVE-2014-6121, CVE-2013-2566, CVE-2005-2969) Source: CCN Type: Juniper Security Bulletin PSN-2005-12-025IVE potential SSL 2.0 rollback Source: MISC Type: UNKNOWNhttp://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt Source: MANDRIVA Type: UNKNOWNMDKSA-2005:179 Source: SUSE Type: UNKNOWNSUSE-SA:2005:061 Source: CCN Type: OpenPKG-SA-2005.022OpenSSL Source: CCN Type: OpenSSL Web siteOpenSSL:The Open Source toolkit for SSL/TLS Source: CCN Type: OpenSSL Security Advisory 20051011Potential SSL 2.0 Rollback (CAN-2005-2969) Source: CONFIRM Type: Patch, Vendor Advisoryhttp://www.openssl.org/news/secadv_20051011.txt Source: REDHAT Type: UNKNOWNRHSA-2005:762 Source: REDHAT Type: Vendor AdvisoryRHSA-2005:800 Source: REDHAT Type: UNKNOWNRHSA-2008:0629 Source: BID Type: UNKNOWN15071 Source: CCN Type: BID-15071OpenSSL Insecure Protocol Negotiation Weakness Source: BID Type: UNKNOWN15647 Source: CCN Type: BID-15647RETIRED: Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities Source: BID Type: UNKNOWN24799 Source: CCN Type: BID-24799JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness Source: CCN Type: TLSA-2007-52Multiple vulnerabilities exist in openssl Source: CCN Type: USN-204-1SSL library vulnerability Source: VUPEN Type: UNKNOWNADV-2005-2036 Source: VUPEN Type: UNKNOWNADV-2005-2659 Source: VUPEN Type: UNKNOWNADV-2005-2710 Source: VUPEN Type: UNKNOWNADV-2005-2908 Source: VUPEN Type: UNKNOWNADV-2005-3002 Source: VUPEN Type: UNKNOWNADV-2005-3056 Source: VUPEN Type: UNKNOWNADV-2006-3531 Source: VUPEN Type: UNKNOWNADV-2007-0326 Source: VUPEN Type: UNKNOWNADV-2007-0343 Source: VUPEN Type: UNKNOWNADV-2007-2457 Source: XF Type: UNKNOWNopenssl-mitm(22559) Source: XF Type: UNKNOWNhitachi-hicommand-security-bypass(35287) Source: CONFIRM Type: UNKNOWNhttps://issues.rpath.com/browse/RPL-1633 Source: OVAL Type: UNKNOWNoval:org.mitre.oval:def:11454 Source: SUSE Type: SUSE-SA:2005:061openssl: protocol downgrade attack Vulnerable Configuration: Configuration 1 :cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:* AND cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:* OR cpe:/o:bluecoat:cacheos:4.0.14:*:*:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* OR cpe:/a:cisco:ciscoworks_common_services:3.0:*:*:*:*:*:*:* OR cpe:/h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:* OR cpe:/h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:* OR cpe:/h:cisco:gss_4491_global_site_selector:*:*:*:*:*:*:*:* OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:* OR cpe:/a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/h:cisco:wireless_control_system:3.2(40):*:*:*:*:*:*:* OR cpe:/h:cisco:wireless_control_system:3.2(51):*:*:*:*:*:*:* OR cpe:/o:bluecoat:cacheos:4.0:*:*:*:*:*:*:* OR cpe:/o:bluecoat:cacheos:4.1.6:*:*:*:*:*:*:* OR cpe:/o:bluecoat:security_gateway_os:-:*:*:*:*:*:*:* OR cpe:/o:cisco:ios_xr:3.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.8
openssl openssl 0.9.7a
openssl openssl 0.9.7
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.8
freebsd freebsd *
bluecoat cacheos 4.0.14
debian debian linux 3.0
openpkg openpkg current
gentoo linux *
suse linux enterprise server 8
mandrakesoft mandrake linux corporate server 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
suse suse linux 9.1
redhat enterprise linux 3
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
novell open enterprise server *
mandrakesoft mandrake multi network firewall 2.0
suse suse linux 10.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 2006
cisco ciscoworks common services 3.0
cisco gss 4480 global site selector *
cisco gss 4490 global site selector *
cisco gss 4491 global site selector *
suse linux enterprise server 9
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux corporate server 3.0
turbolinux turbolinux fuji
turbolinux turbolinux personal *
turbolinux turbolinux multimedia *
mandrakesoft mandrake linux corporate server 2.1
cisco ciscoworks common services 2.2
novell open enterprise server *
cisco wireless control system 3.2(40)
cisco wireless control system 3.2(51)
bluecoat cacheos 4.0
bluecoat cacheos 4.1.6
bluecoat security gateway os -
cisco ios xr 3.0
suse suse linux 9.3
ibm security appscan 8.5.0.0 -
ibm security appscan 8.6.0.0 -
ibm security appscan 8.7.0.0 -
ibm security appscan 8.7.0.0 -