CVE-2004-0112
PUBLISHED
CVSS 5 MEDIUM
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
EPSS 0.92% · 76.3th percentile
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 0.92% (76.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| tarantella | tarantella_enterprise | 3.20, 3.40, 3.30 |
| novell | edirectory | 8.5, 8.7, 8.5.27 |
| securecomputing | sidewinder | 5.2.0.02, 5.2.0.03, 5.2.0.04 |
| cisco | gss_4490_global_site_selector | |
| stonesoft | stonebeat_securitycluster | 2.5, 2.0 |
| bluecoat | cacheos_ca_sa | 4.1.12, 4.1.10 |
| avaya | s8700 | r2.0.0, * |
| redhat | openssl | 0.9.6-15, 0.9.7a-2, 0.9.7a-2 |
| sun | crypto_accelerator_4000 | 1.0 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| avaya | sg5 | 4.3, 4.2, 4.4 |
| stonesoft | servercluster | 2.5, 2.5.2 |
| novell | imanager | 1.5, 2.0 |
| cisco | call_manager | |
| cisco | access_registrar | |
| avaya | sg203 | 4.4, 4.31.29 |
| cisco | okena_stormwatch | 3.2 |
| cisco | pix_firewall_software | 6.1\(5\), 6.0\(4.101\), 6.0 |
| forcepoint | stonegate | 2.0.9, 1.5.17, 2.1 |
…and 46 more
Exploit Intelligence
- TA04-078A (circl)
- oval:org.mitre.oval:def:9580 (circl)
- SSRT4717 (circl)
- RHSA-2004:121 (circl)
- MDKSA-2004:023 (circl)
- CLA-2004:834 (circl)
- SCOSA-2004.10 (circl)
- http://www.uniras.gov.uk/vuls/2004/224012/index.htm (circl)
- 57524 (circl)
- SuSE-SA:2004:007 (circl)
…and 19 more exploits
Timeline
- Jul 18, 2003 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 9899 vdb
- SSRT4717 vendor-advisory
- RHSA-2004:121 vendor-advisory
- MDKSA-2004:023 vendor-advisory
- CLA-2004:834 vendor-advisory
- SCOSA-2004.10 vendor-advisory
- http://www.uniras.gov.uk/vuls/2004/224012/index.htm url
- 57524 vendor-advisory
- SuSE-SA:2004:007 vendor-advisory
- http://lists.apple.com/mhonarc/security-announce/msg00045.html url
- http://www.openssl.org/news/secadv_20040317.txt url
- NetBSD-SA2004-005 vendor-advisory
- O-101 third-party-advisory
- TA04-078A third-party-advisory
- oval:org.mitre.oval:def:1049 vdb
- openssl-kerberos-ciphersuites-dos(15508) vdb
- VU#484726 third-party-advisory
- GLSA-200403-03 vendor-advisory
- oval:org.mitre.oval:def:9580 vdb
- 11139 third-party-advisory
…and 10 more