Vulnerabilities for Bsafe ssl-j sdk (...) - CXSECURITY.COM

Vulnerabilities for 'Bsafe ssl-j sdk'

2004-11-23

CVE-2004-0112

CWE-Other

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVE-2004-0081

CWE-Other

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVE-2004-0079

CWE-Other

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

2001-09-12

CVE-2001-1105

CWE-Other

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

>>> Vendor: RSA 39 Products

Bsafe ssl-j sdk

Authentication agent for web

Securid web agent

Keon certificate authority manager

Authentication manager

Keon registration authority web interface

Authentication agent

Adaptive authentication

Federated identity manager

Access manager agent

Access manager server

Authentication client

Securid software token converter

Securid appliance

Authentication agent for windows

Authentication api

Pluggable authentication module

Pluggable authentication module agent

Bsafe crypto-c me

Bsafe crypto-c me mfp psos

Bsafe crypto-c me mfp vxworks

Bsafe crypto-j jsafe and jce

Adaptive authentication (on premise)

Identity management and governance

Governance and lifecycle

Lifecycle and governance

Archer grc platform

Copyright 2024, cxsecurity.com