CVE-2001-1105

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ciac.org/ciac/bulletins/l-141.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/3329	Patch Vendor Advisory
http://www.cisco.com/warp/public/707/SSL-J-pub.html
http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7112

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:bsafe_ssl-j:3.1:::::::*
	cpe:2.3:a:cisco:icdn:2.0:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j:3.0:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:::::::*

Information

Published : 2001-09-11 21:00

Updated : 2021-11-08 07:48

NVD link : CVE-2001-1105

Mitre link : CVE-2001-1105

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cisco

icdn

dell

bsafe_ssl-j

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ciac.org/ciac/bulletins/l-141.shtml", "name": "L-141", "tags": ["Patch", "Vendor Advisory"], "refsource": "CIAC"}, {"url": "http://www.securityfocus.com/bid/3329", "name": "3329", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.cisco.com/warp/public/707/SSL-J-pub.html", "name": "20010912 Vulnerable SSL Implementation in iCDN", "tags": [], "refsource": "CISCO"}, {"url": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", "name": "http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html", "tags": [], "refsource": "CONFIRM"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7112", "name": "bsafe-ssl-bypass-authentication(7112)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-1105", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-09-12T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:icdn:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dell:bsafe_ssl-j:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-11-08T15:48Z"}

7.5 /10