CVE-2005-2969
OpenSSL SSL/TLS Protocol Version Rollback Vulnerability
Description
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
INFO
Published Date :
Oct. 18, 2005, 9:02 p.m.
Last Modified :
April 3, 2025, 1:03 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
2.9
Exploitability Score :
10.0
Public PoC/Exploit Available at Github
CVE-2005-2969 has a 1 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2005-2969.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2005-2969 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2005-2969 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf Added Reference http://docs.info.apple.com/article.html?artnum=302847 Added Reference http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 Added Reference http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 Added Reference http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 Added Reference http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 Added Reference http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html Added Reference http://secunia.com/advisories/17146 Added Reference http://secunia.com/advisories/17151 Added Reference http://secunia.com/advisories/17153 Added Reference http://secunia.com/advisories/17169 Added Reference http://secunia.com/advisories/17178 Added Reference http://secunia.com/advisories/17180 Added Reference http://secunia.com/advisories/17189 Added Reference http://secunia.com/advisories/17191 Added Reference http://secunia.com/advisories/17210 Added Reference http://secunia.com/advisories/17259 Added Reference http://secunia.com/advisories/17288 Added Reference http://secunia.com/advisories/17335 Added Reference http://secunia.com/advisories/17344 Added Reference http://secunia.com/advisories/17389 Added Reference http://secunia.com/advisories/17409 Added Reference http://secunia.com/advisories/17432 Added Reference http://secunia.com/advisories/17466 Added Reference http://secunia.com/advisories/17589 Added Reference http://secunia.com/advisories/17617 Added Reference http://secunia.com/advisories/17632 Added Reference http://secunia.com/advisories/17813 Added Reference http://secunia.com/advisories/17888 Added Reference http://secunia.com/advisories/18045 Added Reference http://secunia.com/advisories/18123 Added Reference http://secunia.com/advisories/18165 Added Reference http://secunia.com/advisories/18663 Added Reference http://secunia.com/advisories/19185 Added Reference http://secunia.com/advisories/21827 Added Reference http://secunia.com/advisories/23280 Added Reference http://secunia.com/advisories/23340 Added Reference http://secunia.com/advisories/23843 Added Reference http://secunia.com/advisories/23915 Added Reference http://secunia.com/advisories/25973 Added Reference http://secunia.com/advisories/26893 Added Reference http://secunia.com/advisories/31492 Added Reference http://securitytracker.com/id?1015032 Added Reference http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 Added Reference http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm Added Reference http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm Added Reference http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml Added Reference http://www.debian.org/security/2005/dsa-875 Added Reference http://www.debian.org/security/2005/dsa-881 Added Reference http://www.debian.org/security/2005/dsa-882 Added Reference http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html Added Reference http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html Added Reference http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt Added Reference http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 Added Reference http://www.novell.com/linux/security/advisories/2005_61_openssl.html Added Reference http://www.openssl.org/news/secadv_20051011.txt Added Reference http://www.redhat.com/support/errata/RHSA-2005-762.html Added Reference http://www.redhat.com/support/errata/RHSA-2005-800.html Added Reference http://www.redhat.com/support/errata/RHSA-2008-0629.html Added Reference http://www.securityfocus.com/bid/15071 Added Reference http://www.securityfocus.com/bid/15647 Added Reference http://www.securityfocus.com/bid/24799 Added Reference http://www.vupen.com/english/advisories/2005/2036 Added Reference http://www.vupen.com/english/advisories/2005/2659 Added Reference http://www.vupen.com/english/advisories/2005/2710 Added Reference http://www.vupen.com/english/advisories/2005/2908 Added Reference http://www.vupen.com/english/advisories/2005/3002 Added Reference http://www.vupen.com/english/advisories/2005/3056 Added Reference http://www.vupen.com/english/advisories/2006/3531 Added Reference http://www.vupen.com/english/advisories/2007/0326 Added Reference http://www.vupen.com/english/advisories/2007/0343 Added Reference http://www.vupen.com/english/advisories/2007/2457 Added Reference http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 Added Reference https://issues.rpath.com/browse/RPL-1633 Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
May. 03, 2018
Action Type Old Value New Value Removed Reference http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11454 [No Types Assigned] Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 [No Types Assigned] -
CVE Modified by [email protected]
Jul. 11, 2017
Action Type Old Value New Value Removed Reference http://xforce.iss.net/xforce/xfdb/35287 [No Types Assigned] Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 [No Types Assigned] -
Initial Analysis by [email protected]
Oct. 19, 2005
Action Type Old Value New Value
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2005-2969 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2005-2969
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
8.92 }} -11.13%
score
0.91769
percentile