National Cyber-Alert System
Vulnerability Summary: CVE-2005-2969
Orirignal release date: 2005-10-18
Source: US-CERT/NIST

Overview

    The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Impact

    CVSS Severity: 3.3 (Low)
    Range: remote
    Authentication: config
    Impact Type: int

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    OpenSSL (OpenSSL)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969