Lucene search

[email protected]NVD:CVE-2001-1105

HistorySep 12, 2001 - 4:00 a.m.

CVE-2001-1105

2001-09-1204:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

Affected configurations

Nvd

Node

ciscoicdnMatch2.0

dellbsafe_ssl-jMatch3.0

dellbsafe_ssl-jMatch3.0.1

dellbsafe_ssl-jMatch3.1

VendorProductVersionCPE
ciscoicdn2.0cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*
dellbsafe_ssl-j3.0cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*
dellbsafe_ssl-j3.0.1cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*
dellbsafe_ssl-j3.1cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	icdn	2.0	cpe:2.3:a:cisco:icdn:2.0:::::::*
dell	bsafe_ssl-j	3.0	cpe:2.3:a:dell:bsafe_ssl-j:3.0:::::::*
dell	bsafe_ssl-j	3.0.1	cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:::::::*
dell	bsafe_ssl-j	3.1	cpe:2.3:a:dell:bsafe_ssl-j:3.1:::::::*

References

www.ciac.org/ciac/bulletins/l-141.shtml

www.cisco.com/warp/public/707/SSL-J-pub.html

www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

www.securityfocus.com/bid/3329

exchange.xforce.ibmcloud.com/vulnerabilities/7112

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Related for NVD:CVE-2001-1105

cve1 cvelist1