CVE-2005-2969

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Severity	MEDIUM
CVSS	5.0
CWE	NVD-CWE-Other
KEV
Published	20 years ago
Modified	1 month ago

Related Products

Product	Advisory	Evidence
CiscoWorks Common Services (CS)	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco Wireless Control System (WCS) Software	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco PIX Firewall Software	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco PIX Firewall	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco Mainframe Channel Connection	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco IOS XR Software	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco IOS	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco GSS Global Site Selector	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln
Cisco Adaptive Security Appliance (ASA) Software	Cisco-SA-20051012-CVE-2005-2969	Cisco OpenVuln