
CVSS: 5.0 · EPSS: 1% · CPEs: 9 · EXPL: 0

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. • ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf http://docs.info.apple.com/article.html?artnum=302847 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17146 http://secunia.com/advisories/17151 http://secunia.com/advisories/17153 http://secunia.com/advisories/17169 •

CVSS: 7.5 · EPSS: 0% · CPEs: 3 · EXPL: 0

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. • http://www.cits.rub.de/MD5Collisions http://www.ubuntu.com/usn/usn-179-1 https://bugzilla.ubuntu.com/show_bug.cgi?id=13593 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •