CVE-2001-1105

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ciac.org/ciac/bulletins/l-141.shtml	Patch Vendor Advisory
http://www.cisco.com/warp/public/707/SSL-J-pub.html
http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
http://www.securityfocus.com/bid/3329	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7112

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:icdn:2.0:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j:3.0:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j:3.1:::::::*

History

08 Nov 2021, 15:48

Type	Values Removed	Values Added
CPE	cpe:2.3:a:rsa:bsafe_ssl-j_sdk:3.1:::::::* cpe:2.3:a:rsa:bsafe_ssl-j_sdk:3.0:::::::* cpe:2.3:a:rsa:bsafe_ssl-j_sdk:3.0.1:::::::*	cpe:2.3:a:dell:bsafe_ssl-j:3.1:::::::* cpe:2.3:a:dell:bsafe_ssl-j:3.0:::::::* cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:::::::*

Information

Published : 2001-09-12 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2001-1105

Mitre link : CVE-2001-1105

CVE.ORG link : CVE-2001-1105

JSON object : View

Products Affected

dell

bsafe_ssl-j

cisco

icdn

CWE

NVD-CWE-Other

{"id": "CVE-2001-1105", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2001-09-12T04:00:00.000", "references": [{"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html", "source": "cve@mitre.org"}, {"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3329", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."}], "lastModified": "2021-11-08T15:48:31.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E074F8F9-6997-45FE-8FB9-4A800C896DEC"}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1FDD507-C38B-4C38-A54F-3DA6F07AD0B5"}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F2B7AC2-CF08-4AC9-9A71-3A8130F9F9AD"}, {"criteria": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D9564B-B92E-4C97-87FF-B56D62DCA775"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}