Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1105

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1105
Last Modified 05 Sep 2008 04:25:42
Published 12 Sep 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1105

Summary

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

Vulnerable Systems

Application

  • Cisco Icdn 2.0

  • Rsa Bsafe Ssl-j Sdk 3.0

  • Rsa Bsafe Ssl-j Sdk 3.0.1

  • Rsa Bsafe Ssl-j Sdk 3.1


References

XF - bsafe-ssl-bypass-authentication(7112)

BID - 3329

CIAC - L-141

CONFIRM - http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

CISCO - 20010912 Vulnerable SSL Implementation in iCDN


Last Updated: 27 May 2016 10:36:31