CVE-2004-0112 — Vulnetix

Try Vulnetix Request Demo

CVE-2004-0112 PUBLISHED CVSS 5 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

EPSS 1.85% · 82.9th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

1.85%

82.9th percentile

Affected Products

Vendor	Product	Versions
tarantella	tarantella_enterprise	3.40, 3.30, 3.20
n/a	n/a	n/a
novell	edirectory	8.5.12a, 8.5.27, 8.6.2
securecomputing	sidewinder	5.2.0.04, 5.2.1.02, 5.2.1
cisco	gss_4490_global_site_selector
stonesoft	stonebeat_securitycluster	2.0, 2.5
bluecoat	cacheos_ca_sa	4.1.12, 4.1.10
avaya	s8700	r2.0.0, r2.0.1
redhat	openssl	0.9.7a-2, 0.9.7a-2, 0.9.7a-2
sun	crypto_accelerator_4000	1.0
cisco	ciscoworks_common_management_foundation	2.1
avaya	sg5	4.2, 4.3, 4.4
stonesoft	servercluster	2.5.2, 2.5
novell	imanager	2.0, 1.5
cisco	call_manager
cisco	access_registrar
avaya	sg203	4.31.29, 4.4
cisco	okena_stormwatch	3.2
cisco	pix_firewall_software	6.2\(2\), 6.2\(3\), 6.2\(3.100\)
forcepoint	stonegate	1.6.2, 1.5.17, 1.5.18

…and 46 more

Timeline

Jul 18, 2003 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

9899 vdb
SSRT4717 vendor-advisory
RHSA-2004:121 vendor-advisory
MDKSA-2004:023 vendor-advisory
CLA-2004:834 vendor-advisory
SCOSA-2004.10 vendor-advisory
http://www.uniras.gov.uk/vuls/2004/224012/index.htm url
57524 vendor-advisory
SuSE-SA:2004:007 vendor-advisory
http://lists.apple.com/mhonarc/security-announce/msg00045.html url
http://www.openssl.org/news/secadv_20040317.txt url
NetBSD-SA2004-005 vendor-advisory
O-101 third-party-advisory
TA04-078A third-party-advisory
oval:org.mitre.oval:def:1049 vdb
openssl-kerberos-ciphersuites-dos(15508) vdb
VU#484726 third-party-advisory
GLSA-200403-03 vendor-advisory
oval:org.mitre.oval:def:9580 vdb
11139 third-party-advisory

…and 10 more

Open in Interactive Console →