CVE-2004-0112 vulnerability in Cisco and Other Products
Published on November 23, 2004

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2004-0112

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2004-0112 are published in these products:

Cisco Firewall Services Module

HP Apache Based Web Server

Symantec Clientless Vpn Gateway 4400

HP Aaa Server

Ciscoworks Common Management Foundation

Avaya Sg208

Avaya Sg5

FreeBSD

Hp Ux

Red Hat Linux

Avaya Sg203

Red Hat Enterprise Linux Desktop

Avaya Sg200

Apple macOS

Red Hat Enterprise Linux (RHEL)

Ciscoworks Common Services

Avaya Converged Communications Server

OpenBSD

Sco Openserver

Exploit Probability

EPSS

0.70%

Percentile

71.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2004-0112 vulnerability in Cisco and Other ProductsPublished on November 23, 2004

Products Associated with CVE-2004-0112

Exploit Probability

CVE-2004-0112 vulnerability in Cisco and Other Products
Published on November 23, 2004