Description
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Remediation
References